Advanced
CCIE Routing & Switching

2.0

www.MicronicsTraining.com

Narbik Kocharians

CCIE #12410
R&S, Security, SP

VOL-I

CCIE R&S by Narbik Kocharians    Advanced CCIE R&S Work Book 2.0    Page 1 of 1068

© 2009 Narbik Kocharians. All rights reserved



Table of Content:

Topology (Vol-I)

3560 Switching (Vol-I)
    Lab 1 Trunks
    Lab 2 EtherChannels
    Lab 3 Basic 3560 Configuration I
    Lab 4 3560 Configuration
    Lab 5 Advanced STP Configuration
    Lab 6 QinQ Tunneling
    Lab 7 Fallback Bridging
    Lab 8 MSTP (802.1s)
    Lab 9 Private VLANs

Frame-relay (Vol-I)
    Lab 1 Hub-n-Spoke Using Frame Map Statements
    Lab 2 Hub-n-Spoke Frame-relay Point-to-point
    Lab 3 Mixture of P2P and Multipoint
    Lab 4 Multipoint Frame-relay W/O Frame maps
    Lab 5 Frame-relay and Authentication
    Lab 6 Frame-relay End-to-End Keepalives
    Lab 7 Tricky Frame-relay Configuration
    Lab 8 Frame-relay Multilinking
    Lab 9 Back-to-Back Frame-relay connection

ODR (Vol-I)
    Lab 1 On Demand Routing

RIPv2 (Vol-I)
    Lab 1 RIPv2 and Frame-relay
    Lab 2 RIPv2 Authentication
    Lab 3 Advanced RIPv2 Mini Mock Lab

EIGRP (Vol-I)
    Lab 1 Eigrp configuration
    Lab 2 Advanced Eigrp Stub Configuration
    Lab 3 Eigrp & Default-information
    Lab 4 Eigrp Filtering

OSPF (Vol-I)
    Lab 1 Advertising Networks
    Lab 2 Optimization of OSPF & Adjusting Timers
    Lab 3 OSPF Authentication
    Lab 4 OSPF Cost
    Lab 5 OSPF Summarization
    Lab 6 Virtual-links and GRE Tunnels
    Lab 7 OSPF Stub, T Stub, and NSSAs
    Lab 8 OSPF Filtering
    Lab 9 Additional OSPF Filtering
    Lab 10 Redirecting Traffic in OSPF
    Lab 11 Database Overload Protection
    Lab 12 OSPF Non-Broadcast Networks
    Lab 13 OSPF Broadcast Networks
    Lab 14 OSPF Point-to-Point Networks
    Lab 15 OSPF Point-to-Multipoint Networks
    Lab 16 OSPF Point-to-Multi Network - II
    Lab 17 OSPF P-to-M Non-Broadcast Net
    Lab 18 OSPF and NBMA
    Lab 19 Forward Address Suppression
    Lab 20 OSPF NSSA no-redistribution & Injection of default routes

BGP (Vol-I)
    Lab 1 Establishing Neighbor Adjacency
    Lab 2 Route Reflectors
    Lab 3 Conditional Adv & Backdoor
    Lab 4 Route Dampening
    Lab 5 Route Aggregation
    Lab 6 The community Attribute
    Lab 7 BGP Cost Community
    Lab 8 BGP & Load Balancing - I
    Lab 9 BGP Load Balancing - II
    Lab 10 BGP Unequal Cost Load Balancing
    Lab 11 BGP Local Preference - I
    Lab 12 BGP Local Preference - II
    Lab 13 The AS-Path Attribute
    Lab 14 The Weight Attribute
    Lab 15 MED
    Lab 16 Filtering Using ACLs & Prefix-lists
    Lab 17 Regular Expressions
    Lab 18 Adv BGP Configurations
    Lab 19 Administrative Distance
    Lab 20 BGP Confederation
    Lab 21 BGP Hiding Local AS Number
    Lab 22 BGP Allow-as

Policy Based Routing (Vol-I)
    Lab 1 PBR based on Source IP address

Redistribution (Vol-I)
    Lab 1 Basics of Redistribution-I
    Lab 2 Basics of Redistribution-II
    Lab 3 Advanced Redistribution
    Lab 4 Routing Loops

IP SLA (Vol-I)
    Lab 1 IP SLA
    Lab 2 Reliable Static Routing using IP SLA
    Lab 3 Reliable Conditional Default Route Injection using IP SLA
    Lab 4 Object Tracking in HSRP Using SLA
    Lab 5 Object Tracking

GRE Tunnels (Vol-I)
    Lab 1 Basic Configuration of GRE Tunnels
    Lab 2 Configuration of GRE Tunnels II
    Lab 3 Configuration of GRE Tunnels III
    Lab 4 GRE & Recursive loops

QOS (Vol-II)
    Lab 1 MLS QOS
    Lab 2 DSCP Mutation
    Lab 3 DSCP-CoS Mapping
    Lab 4 CoS-DSCP Mapping
    Lab 5 IP-Precedence-DSCP Mapping
    Lab 6 Policing On 3560 Switches
    Lab 7 Priority Queuing
    Lab 8 Custom Queuing
    Lab 9 WFQ
    Lab 10 RSVP
    Lab 11 Match Access-group
    Lab 12 Match Destination & Source Add MAC
    Lab 13 Match Input-Interface
    Lab 14 Match FR-de & Packet Length
    Lab 15 Match IP Precedence vs. Match Precedence
    Lab 16 Match Protocol HTTP URL, MIME & Host
    Lab 17 Match Fr-dlci
    Lab 18 Frame-relay Traffic Shaping
    Lab 19 Frame-relay Traffic-shaping - II
    Lab 20 Frame-relay Fragmentation
    Lab 21 Frame-relay PIPQ
    Lab 22 Frame-relay DE
    Lab 23 Frame-relay and Compression
    Lab 24 CBWFQ
    Lab 25 CBWFQ-II
    Lab 26 Converting Custom Queuing to CBWFQ
    Lab 27 LLQ
    Lab 28 CAR
    Lab 29 Class Based Policing - I
    Lab 30 CB Policing - II
    Lab 31 WRED & CB WRED

NAT (Vol-II)
    Lab 1 Static NAT Configuration
    Lab 2 Advanced Static NAT Configuration
    Lab 3 Configuration of Dynamic NAT - I
    Lab 4 Configuration of Dynamic NAT - II
    Lab 5 Configuration of Dynamic NAT - III
    Lab 6 NAT and Load Balancing
    Lab 7 Configuring PAT
    Lab 8 Configuring PAR
    Lab 9 Configuring Static NAT Redundancy W/HSRP
    Lab 10 Stateful Translation Failover With HSRP
    Lab 11 Stateful Translation Failover W/O HSRP
    Lab 12 Translation of the Outside Source
    Lab 13 NAT on a Stick

IP Services (Vol-II)
    Lab 1 DHCP Configuration
    Lab 2 HSRP Configuration
    Lab 3 VRRP Configuration
    Lab 4 GLBP Configuration
    Lab 5 IRDP Configuration
    Lab 6 Configuring DRP
    Lab 7 Configuring WCCP
    Lab 8 Core Dump Using FTP
    Lab 9 HTTP Connection Management
    Lab 10 Configuring NTP
    Lab 11 More IP Stuff

IP Prefix-List (Vol-II)
    Lab 1 Prefix-Lists

IPv6 (Vol-II)
    Lab 1 Configuring Basic IPv6
    Lab 2 Configuring RIPng
    Lab 3 Configuring OSPFv3
    Lab 4 Configuring OSPFv3 Multi-Area
    Lab 5 Summarization of Internal & External N/W
    Lab 6 OSPFv3 Stub, T Stub and NSSA networks
    Lab 7 OSPFv3 Cost and Auto-cost
    Lab 8 Tunneling IPv6 Over IPv4
    Lab 9 Eigrp and IPv6

Security (Vol-II)
    Lab 1 Basic Router Security Configuration
    Lab 2 Standard Named Access List
    Lab 3 Controlling Telnet Access and SSH
    Lab 4 Extended Access List IP and ICMP
    Lab 5 Extended Access List OSPF & Eigrp
    Lab 6 Using MQC as a Filtering tool
    Lab 7 Extended Access List With Established
    Lab 8 Dynamic Access List
    Lab 9 Reflexive Access-Lists
    Lab 10 Access-list & Time Range
    Lab 11 Configuring Basic CBAC
    Lab 12 Configuring CBAC
    Lab 13 Configuring CBAC & Java Blocking
    Lab 14 Configuring PAM
    Lab 15 Configuring uRPF
    Lab 16 Configuring Zone Based Firewall
    Lab 17 Control Plane Policing
    Lab 18 Configuring IOS IPS
    Lab 19 Attacks
    Lab 20 AAA Authentication

Multicasting (Vol-II)
    Lab 1 Configuring IGMP
    Lab 2 PIM Dense Mode
    Lab 3 Static RP Configuration
    Lab 4 Auto-RP
    Lab 5 Auto-RP Filtering & Listener
    Lab 6 Configuring BSR
    Lab 7 Configuring MSDP
    Lab 8 Anycast RP
    Lab 9 Configuring SSM
    Lab 10 Helper-Map

MPLS & L3VPNs (Vol-II)
    Lab 1 Configuring Label Distribution Protocol
    Lab 2 Static & RIPv2 Routing in a VPN
    Lab 3 OSPF Routing in a VPN
    Lab 4 Backdoor links & OSPF
    Lab 5 Eigrp Routing in a VPN
    Lab 6 BGP Routing in a VPN
    Lab 7 Complex VPNs and Filters

Troubleshooting
    Lab 1 Troubleshooting Mock Lab

Mock Lab
    Lab 1 Mock Lab




[Topology diagram: Switch-1, Switch-2 and Switch-3, with switch ports F0/1 - F0/6 and F0/11 - F0/13 and router interfaces F0/0 and F0/1]

[Topology diagram: The Serial connection between R1 and R3]

[Topology diagram: The Serial connection between R4 and R5]

[Topology diagram: Frame-relay Switch connections, interfaces S0/0 - S0/3 and S1/0 - S1/2]

Frame-relay DLCI connections:

Router    Local DLCI    Connecting to:
R1        102           R2
          112           R2
          103           R3
          104           R4
          105           R5
          106           R6
R2        201           R1
          211           R1
          203           R3
          204           R4
          205           R5
          206           R6
R3        301           R1
          302           R2
          304           R4
          305           R5
          306           R6
R4        401           R1
          402           R2
          403           R3
          405           R5
          406           R6
R5        501           R1
          502           R2
          503           R3
          504           R4
          506           R6
R6        601           R1
          602           R2
          603           R3
          604           R4
          605           R5

[Topology diagram: switch connections labelled F0/19-20]

3560
Switching









Lab 1 
Trunks 






Task 1

Shutdown all ports on all four switches and set the VTP domain name to TST.

On All Switches

(config)#int range f0/1 - 24
(config-if-range)#Shut

(config)#vtp domain TST






Task 2

Configure the following Host names:

The first Switch - Cat-1
The second Switch - Cat-2
The third Switch - Cat-3
The fourth Switch - Cat-4

On the first Switch
Switch(config)#Hostname Cat-1

On the Second Switch
Switch(config)#Hostname Cat-2

On the Third Switch
Switch(config)#Hostname Cat-3

On the Fourth Switch
Switch(config)#Hostname Cat-4





Task 3

Configure an ISL trunk between Cat-1 and Cat-2 using the F0/19 interface based on the
following policy:

Cat-1 - F0/19 → this port should be configured into permanent Trunking mode and it
should negotiate to convert the neighboring interface into a trunk

Cat-2 - F0/19 → this port should be configured to actively attempt to convert the link to
a trunk

On SW1

Cat-1(config)#Int F0/19
Cat-1(config-if)#Switch mode Trunk

Note you get the following message:

Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured
to "trunk" mode.

The above message can be verified with the following show command:

Cat-1#Show interface F0/19 Switchport

Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
(The rest of the output is omitted)

By default the ports on the Catalyst 3560 are set to "Dynamic Auto"; this is revealed by the
"Administrative Mode" line. The Trunking encapsulation is set to "negotiate", revealed by
"Administrative Trunking Encapsulation". When the "Administrative Trunking
Encapsulation" is set to negotiate, the Trunking mode can NOT be set to ON.

To set the Trunking encapsulation to ISL:

On Cat-1

Cat-1(config)#Int F0/19
Cat-1(config-if)#Switchport trunk encapsulation isl
Cat-1(config-if)#No Shutdown

To verify the configuration:

On Cat-1

Cat-1#Show interface F0/19 Switchport

Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: isl
(The rest of the output is omitted)

To configure Cat-1

Cat-1(config)#int f0/19
Cat-1(config-if)#Switchport mode trunk

To verify the configuration:

On Cat-1

Cat-1#Show interface F0/19 Switchport

Name: Fa0/19
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: isl
(The rest of the output is omitted)

Note the "Administrative Mode" is no longer "dynamic Auto" and the Trunking
encapsulation is set to ISL.

On Cat-2

Cat-2(config)#int F0/19
Cat-2(config-if)#Switchport mode dynamic desirable
Cat-2(config-if)#No shut



To verify the configuration:

On Cat-2

Cat-2#Show interface F0/19 Switchport

Name: Fa0/19
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: Trunk
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: isl
(The rest of the output is omitted)

Note the operational mode changed from "Down" to "Trunk".

Note the mode is set to "Dynamic Desirable" and the "Administrative Trunking
Encapsulation" is set to "negotiate" and the next line reveals the encapsulation mode that
this port has negotiated, in this case ISL.

On Cat-1

Cat-1#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1

Note: the "Mode" column reveals the configured Trunking mode.
Note Cat-2 negotiated an ISL Trunk, whereas Cat-1 did not.

On Cat-2

Cat-2#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    n-isl          trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1





Task 4

Configure an ISL trunk between Cat-1 and Cat-2 using F0/20 based on the following
policy:

Cat-1 - F0/20 → this port should be configured into permanent Trunking mode and it
should negotiate to convert the neighboring interface into a trunk

Cat-2 - F0/20 → this port should be configured to negotiate a trunk ONLY if it receives
negotiate packets from a neighboring port; this port should never start
the negotiation process

On Cat-1

Cat-1(config)#int f0/20
Cat-1(config-if)#Switchport trunk encap isl
Cat-1(config-if)#Switchport mode trunk
Cat-1(config-if)#NO shut

To verify the configuration:

On Cat-1

Cat-1#Show interface F0/20 Swi | inc Administrative Mode

Administrative Mode: trunk
(The rest of the output is omitted)

Cat-1#Sh inter status | inc Fa0/20

Fa0/20    notconnect    1    auto    auto    10/100BaseTX

Note just because the output states that this interface is in the "notconnect" state, it does
not mean that the interface is not connected to any device; it means that it has not
detected any signaling from the neighboring interface.





On Cat-2

Cat-2(config)#int f0/20
Cat-2(config-if)#Switchport mode dynamic auto
Cat-2(config-if)#NO shut

To verify the configuration:

On Cat-2

Cat-2#Show inter f0/20 Switchport | Inc Administrative Mode

Administrative Mode: dynamic auto
(The rest of the output is omitted)

Note the "Administrative Trunking Encapsulation" is set to "ISL" on Cat-1,
whereas on Cat-2 it's set to "negotiate".

If this task stated that F0/20 on Cat-2 should negotiate ISL ONLY, then configuring
"switchport mode dynamic auto" will not suffice and the "Switchport trunk
encapsulation isl" needs to be added to the configuration of Cat-2's F0/20.

On Cat-1

Cat-1#Show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           isl            trunking      1
Fa0/20      on           isl            trunking      1
(The rest of the output is omitted)

On Cat-2

Cat-2#Show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    n-isl          trunking      1
Fa0/20      auto         n-isl          trunking      1
(The rest of the output is omitted)



Task 5

Configure an ISL Trunk between Cat-1 and Cat-3 using the F0/21 interface. These ports
should be configured to negotiate to convert the neighboring interface into an ISL trunk,
but should NOT be in permanent trunking mode.

On Both Switches:

Cat-x(config)#int f0/21
Cat-x(config-if)#Switchport trunk encapsulation isl
Cat-x(config-if)#switchport mode dynamic desirable
Cat-x(config-if)#NO shut

To verify the configuration:

On Cat-1

Cat-1#Show inter f0/21 switchport | Inc Administrative Mode
Administrative Mode: dynamic desirable

Cat-1#Show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           isl            trunking      1
Fa0/20      on           isl            trunking      1
Fa0/21      desirable    isl            trunking      1
(The rest of the output is omitted)

On Cat-3

Cat-3#Show inter f0/21 Switchport | Inc Administrative Mode
Administrative Mode: dynamic desirable

Cat-3#Show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      desirable    isl            trunking      1
(The rest of the output is omitted)



Task 6

Configure an ISL trunk between Cat-1 and Cat-3 using the F0/22 interface based on the
following policy:

Cat-1 - F0/22 → this port should be configured to actively attempt to convert the link to
a trunk

Cat-3 - F0/22 → this port should be configured to negotiate a trunk ONLY if it receives
negotiation packets from a neighboring port; this port should never
start the negotiation process

On Cat-1

Cat-1(config)#int f0/22
Cat-1(config-if)#switchport trunk encapsulation isl
Cat-1(config-if)#swi mode dynamic desirable
Cat-1(config-if)#NO shut

On Cat-3

Cat-3(config)#int f0/22
Cat-3(config-if)#Switchport mode dynamic auto
Cat-3(config-if)#NO shut

To verify the configuration:

On Cat-1

Cat-1#Show interface f0/22 Switchport | Inc Administrative Mode
Administrative Mode: dynamic desirable

Cat-1#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           isl            trunking      1
Fa0/20      on           isl            trunking      1
Fa0/21      desirable    isl            trunking      1
Fa0/22      desirable    isl            trunking      1
(The rest of the output is omitted)

On Cat-3

Cat-3#Show interface f0/22 switchport | Inc Administrative Mode
Administrative Mode: dynamic auto

Cat-3#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      desirable    isl            trunking      1
Fa0/22      auto         n-isl          trunking      1
(The rest of the output is omitted)

If the "Switchport trunk encapsulation ISL" was added to Cat-3's F0/22 interface,
the "encapsulation" column in the output of the "Show interface trunk" command
would have been "isl" and NOT "n-isl", which means negotiated ISL.
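
The rows seen so far ("isl" versus "n-isl", and the rejected "mode trunk" command in Task 3) follow from a small set of DTP rules. The sketch below is an added example, not part of the workbook: a simplified Python model of how two ports' administrative mode and encapsulation settings decide the row that "show interface trunk" lists. The names Port, peer_triggers_trunk, agreed_encap and trunk_row are hypothetical, and the 802.1Q and both-ends-negotiate cases (where ISL is preferred) go beyond what the lab has shown up to this point.

```python
from dataclasses import dataclass

# Administrative modes and encapsulation settings used in the lab.
TRUNK, DESIRABLE, AUTO, ACCESS = "trunk", "dynamic desirable", "dynamic auto", "access"
ISL, DOT1Q, NEGOTIATE = "isl", "802.1q", "negotiate"


@dataclass(frozen=True)
class Port:
    """One switch port (hypothetical model, not a Cisco API)."""
    mode: str = AUTO            # Catalyst 3560 default, per the lab text
    encap: str = NEGOTIATE      # Catalyst 3560 default, per the lab text
    nonegotiate: bool = False   # "switchport nonegotiate": DTP disabled

    def __post_init__(self):
        # The switch rejects "mode trunk" while the encapsulation is negotiate.
        if self.mode == TRUNK and self.encap == NEGOTIATE:
            raise ValueError("set the trunk encapsulation before mode trunk")
        # nonegotiate is only accepted on a static port, which is why it
        # has to be entered after "switchport mode trunk".
        if self.nonegotiate and self.mode in (DESIRABLE, AUTO):
            raise ValueError("nonegotiate conflicts with a dynamic mode")


def peer_triggers_trunk(local, peer):
    """For a dynamic `local` port: does the neighbor's DTP make it trunk?"""
    if peer.nonegotiate or peer.mode == ACCESS:
        return False                      # neighbor never asks for a trunk
    if local.mode == DESIRABLE:
        return peer.mode in (TRUNK, DESIRABLE, AUTO)
    if local.mode == AUTO:
        return peer.mode in (TRUNK, DESIRABLE)   # auto never initiates
    return False


def agreed_encap(local, peer):
    """Encapsulation both ends settle on, or None if fixed settings clash."""
    fixed = {p.encap for p in (local, peer)} - {NEGOTIATE}
    if not fixed:
        return ISL                        # both negotiate: ISL is preferred
    return fixed.pop() if len(fixed) == 1 else None


def trunk_row(local, peer):
    """(Mode, Encapsulation, Status) as "show interface trunk" lists `local`,
    or None when the port does not come up as a trunk."""
    if local.mode == TRUNK:
        # A static trunk does not depend on the neighbor's DTP.
        return ("on", local.encap, "trunking")
    if local.mode == ACCESS or not peer_triggers_trunk(local, peer):
        return None
    encap = agreed_encap(local, peer)
    if encap is None:
        return None
    # "n-" marks an encapsulation that was negotiated rather than configured.
    shown = "n-" + encap if local.encap == NEGOTIATE else encap
    return (local.mode.split()[-1], shown, "trunking")


# Port pairs as configured in Tasks 3 to 6, plus two untouched default ports
# (constructed input; the first port of each pair is Cat-1).
LINKS = {
    "Task 3, F0/19": (Port(TRUNK, ISL), Port(DESIRABLE)),
    "Task 4, F0/20": (Port(TRUNK, ISL), Port(AUTO)),
    "Task 5, F0/21": (Port(DESIRABLE, ISL), Port(DESIRABLE, ISL)),
    "Task 6, F0/22": (Port(DESIRABLE, ISL), Port(AUTO)),
    "defaults": (Port(), Port()),
}


def report():
    """Both ends' rows for every link in LINKS."""
    return {name: (trunk_row(a, b), trunk_row(b, a)) for name, (a, b) in LINKS.items()}


if __name__ == "__main__":
    for name, (near, far) in report().items():
        print(f"{name:14} {near}  /  {far}")
```

Two ports left at the default (dynamic auto on both ends) never form a trunk, while a default port facing a trunk or desirable neighbor does.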



Task 7

Configure an ISL trunk between Cat-1 and Cat-4 using the F0/23 interface; these switches
should be configured into permanent trunking mode and negotiate to convert the
neighboring interface into a trunk.

On Cat-1 & Cat-4

Cat-x(config)#int f0/23
Cat-x(config-if)#Switchport trunk encapsulation isl
Cat-x(config-if)#Switchport mode trunk
Cat-x(config-if)#NO shut

To verify the configuration:

On Cat-1

Cat-1#Show inter F0/23 switchport | Inc Administrative Mode

Administrative Mode: trunk

Cat-1#Show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           isl            trunking      1
Fa0/20      on           isl            trunking      1
Fa0/21      desirable    isl            trunking      1
Fa0/22      desirable    isl            trunking      1
Fa0/23      on           isl            trunking      1
(The rest of the output is omitted)

On Cat-4

Cat-4#Sh int F0/23 swi | Inc Administrative Mode

Administrative Mode: trunk

Cat-4#Show inter trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/23      on           isl            trunking      1
(The rest of the output is omitted)



Task 8

Configure an ISL trunk between Cat-1 and Cat-4 using interface F0/24; these ports
should NOT use DTP to negotiate a Trunk.

On Cat-1

Cat-1(config)#int F0/24
Cat-1(config-if)#switchport trunk encapsulation isl
Cat-1(config-if)#switchport mode trunk
Cat-1(config-if)#switchport nonegotiate
Cat-1(config-if)#No shut

Note: the "switchport nonegotiate" command disables DTP, but it MUST be configured
after the "switchport mode trunk" command.

On Cat-4

Cat-4(config)#int F0/24
Cat-4(config-if)#switchport trunk encapsulation isl
Cat-4(config-if)#switchport mode trunk
Cat-4(config-if)#switchport nonegotiate
Cat-4(config-if)#NO shut

To verify the configuration:

On Cat-1

Cat-1#Sh int F0/24 swi | Inc Administrative Mode|Negotiation

Administrative Mode: trunk
Negotiation of Trunking: Off

Cat-1#Show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           isl            trunking      1
Fa0/20      on           isl            trunking      1
Fa0/21      desirable    isl            trunking      1
Fa0/22      desirable    isl            trunking      1
Fa0/23      on           isl            trunking      1
Fa0/24      on           isl            trunking      1
(The rest of the output is omitted)

On Cat-4

Cat-4#Sh int F0/24 swi | Inc Administrative Mode|Negotiation

Administrative Mode: trunk
Negotiation of Trunking: Off

Cat-4#Show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/23      on           isl            trunking      1
Fa0/24      on           isl            trunking      1
(The rest of the output is omitted)



Task 9

Configure a Dot1q trunk between Cat-2 and Cat-4 using the F0/21 interface based on the
following policy:

Cat-2 - F0/21 → this port should be configured into a permanent Trunking mode and it
should negotiate to convert the neighboring interface into a trunk

Cat-4 - F0/21 → this port should be configured to actively attempt to convert the link to
a trunk

On Cat-2

Cat-2(config)#Int F0/21
Cat-2(config-if)#Switchport trunk encapsulation dot1q
Cat-2(config-if)#Switch mode Trunk
Cat-2(config-if)#No Shutdown

On Cat-4

Cat-4(config)#int f0/21
Cat-4(config-if)#switchport mode dynamic desirable
Cat-4(config-if)#NO shut

To verify the configuration:

On Cat-2

Cat-2#Sh int trunk | Exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      on           802.1q         trunking      1
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      desirable    n-802.1q       trunking      1
(The rest of the output is omitted)



Task 10

Configure a trunk between Cat-2 and Cat-4 using the F0/22 interface; you should use an
industry standard protocol for the trunking encapsulation based on the following policy:

Cat-2 - F0/22 → this port should be configured into permanent Trunking mode and it
should negotiate to convert the neighboring interface into a Trunk

Cat-4 - F0/22 → this port should be configured to negotiate a trunk ONLY if it receives
negotiate packets from a neighboring port; this port should never start
the negotiation process

On Cat-2

Cat-2(config)#int f0/22
Cat-2(config-if)#Switchport trunk encap dot1q
Cat-2(config-if)#Switchport mode trunk
Cat-2(config-if)#NO shut

On Cat-4

Cat-4(config)#int f0/22
Cat-4(config-if)#swi mode dynamic auto
Cat-4(config-if)#NO shut

To verify the configuration:

On Cat-2

Cat-2#Show int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1
(The rest of the output is omitted)

On Cat-4

Cat-4#Sh int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      desirable    n-802.1q       trunking      1
Fa0/22      auto         n-802.1q       trunking      1
(The rest of the output is omitted)





Task 11

Configure a Trunk link between Cat-3 and Cat-4 using the F0/19 interface. These ports
should be configured to negotiate to convert the neighboring interface into a dot1q trunk,
but they should NOT be in permanent trunking mode.

On Both Switches:

Cat-x(config)#int f0/19
Cat-x(config-if)#switchport trunk encapsulation dot1q
Cat-x(config-if)#switchport mode dynamic desirable
Cat-x(config-if)#NO shut

To verify the configuration:

On Cat-3

Cat-3#sh int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    802.1q         trunking      1
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | Exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    802.1q         trunking      1
Fa0/21      desirable    n-802.1q       trunking      1
Fa0/22      auto         n-802.1q       trunking      1
(The rest of the output is omitted)



Task 12

Configure a Dot1q trunk between Cat-3 and Cat-4 using the F0/20 interface based on the
following policy:

Cat-3 - F0/20 → this port should be configured to actively attempt to convert the link to
a Trunk. This port should NOT be in permanent trunking mode.

Cat-4 - F0/20 → this port should be configured to negotiate a trunk ONLY if it receives
negotiation packets from a neighboring port; this port should never
start the negotiation process.

On Cat-3

Cat-3(config)#int f0/20
Cat-3(config-if)#switchport trunk encapsulation dot1q
Cat-3(config-if)#swi mode dynamic desirable
Cat-3(config-if)#NO shut

On Cat-4

Cat-4(config)#int f0/20
Cat-4(config-if)#Switchport mode dynamic auto
Cat-4(config-if)#NO shut

To verify the configuration:

On Cat-3

Cat-3#Sh int trunk | Exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    802.1q         trunking      1
Fa0/20      desirable    802.1q         trunking      1
(The rest of the output is omitted)

On Cat-4

Cat-4#Sh int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    802.1q         trunking      1
Fa0/20      auto         802.1q         trunking      1
Fa0/21      desirable    n-802.1q       trunking      1
Fa0/22      auto         n-802.1q       trunking      1
(The rest of the output is omitted)



Task 13 

Configure a Dot lq trunk between Cat -2 and Cat-3 using FO/23 interface: these switches 
should be con figured into permanent trunking mode and negotiate to convert the 
neighboring interlace into a trunk. 



On Both Switches:

Cat-x(config)#int F0/23
Cat-x(config-if)#switchport trunk encapsulation dot1q
Cat-x(config-if)#Switchport mode trunk
Cat-x(config-if)#NO shut



To verify the configuration:

On Cat-2

Cat-2#Sh int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1
Fa0/23      on           802.1q         trunking      1
(The rest of the output is omitted)

On Cat-3

Cat-3#Sh int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    802.1q         trunking      1
Fa0/20      desirable    802.1q         trunking      1
Fa0/23      on           802.1q         trunking      1
(The rest of the output is omitted)



Task 14 

Configure a Dot1q trunk between Cat-2 and Cat-3 using interface F0/24; these ports should NOT use DTP to negotiate a Trunk.



On Both Switches:

Cat-x(config)#int F0/24
Cat-x(config-if)#Switchport trunk encapsulation dot1q
Cat-x(config-if)#Switchport mode trunk
Cat-x(config-if)#Switchport nonegotiate
Cat-x(config-if)#NO shut

To verify the configuration:

On Cat-2

Cat-2#Sh int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1
Fa0/23      on           802.1q         trunking      1
Fa0/24      on           802.1q         trunking      1
(The rest of the output is omitted)

On Cat-3

Cat-3#Show int trunk | exc isl

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      desirable    802.1q         trunking      1
Fa0/20      desirable    802.1q         trunking      1
Fa0/23      on           802.1q         trunking      1
Fa0/24      on           802.1q         trunking      1
(The rest of the output is omitted)
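The trunk negotiation outcomes set up in Tasks 12 to 14, worked through in Python. This is an added example, not part of the workbook: the interface stanzas are constructed from the commands above, and treating an unconfigured port as dynamic auto is an assumption. It models only the resulting port states, not the DTP frames themselves.

```python
import re

MODE_RE = re.compile(r"switchport mode (access|trunk|dynamic (auto|desirable))")

# Constructed stanzas modelled on the commands used in Tasks 12-14.
CAT3_F0_20 = """interface FastEthernet0/20
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
"""
CAT4_F0_20 = """interface FastEthernet0/20
 switchport mode dynamic auto
"""
TRUNK_WITH_DTP = """interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""
TRUNK_NONEGOTIATE = """interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
"""


def parse_port(stanza):
    """Return (mode, nonegotiate) for one interface stanza."""
    mode, nonegotiate = "auto", False  # assumption: default is dynamic auto
    for raw in stanza.splitlines():
        line = raw.strip().lower()
        match = MODE_RE.fullmatch(line)
        if match:
            # group(2) is auto/desirable for dynamic modes, else use group(1)
            mode = match.group(2) or match.group(1)
        elif line == "switchport nonegotiate":
            nonegotiate = True
    if nonegotiate and mode in ("auto", "desirable"):
        # IOS rejects nonegotiate on a port left in a dynamic mode.
        raise ValueError("nonegotiate requires mode access or trunk")
    return mode, nonegotiate


def operational(local, peer):
    """Operational state ('trunk' or 'access') of the local end of a link."""
    mode, _ = local
    peer_mode, peer_noneg = peer
    if mode in ("trunk", "access"):
        return mode  # permanent modes do not depend on the neighbor
    # The peer advertises trunking if it is desirable, or trunk with DTP on.
    peer_advertises = peer_mode == "desirable" or (
        peer_mode == "trunk" and not peer_noneg)
    if mode == "desirable":
        # Desirable starts negotiation; an auto peer answers it.
        return "trunk" if peer_advertises or peer_mode == "auto" else "access"
    # Auto never starts negotiation; it trunks only when asked.
    return "trunk" if peer_advertises else "access"


def link_state(stanza_a, stanza_b):
    """Return (state_a, state_b, verdict) for the two ends of one link."""
    a, b = parse_port(stanza_a), parse_port(stanza_b)
    state_a, state_b = operational(a, b), operational(b, a)
    verdict = state_a if state_a == state_b else "mismatch"
    return state_a, state_b, verdict


if __name__ == "__main__":
    cases = {
        "Task 12 desirable/auto": (CAT3_F0_20, CAT4_F0_20),
        "Task 13 trunk/trunk": (TRUNK_WITH_DTP, TRUNK_WITH_DTP),
        "Task 14 nonegotiate both ends": (TRUNK_NONEGOTIATE, TRUNK_NONEGOTIATE),
        "auto/auto": (CAT4_F0_20, CAT4_F0_20),
        "nonegotiate trunk facing auto": (TRUNK_NONEGOTIATE, CAT4_F0_20),
    }
    for name, (a, b) in cases.items():
        print(f"{name:32} {link_state(a, b)}")
```

The last case is why Task 14 sets `switchport mode trunk` together with `switchport nonegotiate` on both ends: a nonegotiate trunk facing a dynamic port leaves one side trunking and the other in access mode.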





Task 15 

Configure the following VLANs on Cat-1 and ensure that they are propagated to the other switches:

VLANs 2-10, 100, 200, 300, 400, 120, 130, 140, 230, 240, and 340



On Cat-1

Cat-1(config)#vlan 2-10,100,200,300,400,120,130,140,230,240,340
Cat-1(config-vlan)#exit

To verify the configuration:

On All Switches:

Cat-x#Sh vlan brie | b VLAN0002

2    VLAN0002    active
3    VLAN0003    active
4    VLAN0004    active
5    VLAN0005    active
6    VLAN0006    active
7    VLAN0007    active
8    VLAN0008    active
9    VLAN0009    active
10   VLAN0010    active
100  VLAN0100    active
120  VLAN0120    active
130  VLAN0130    active
140  VLAN0140    active
200  VLAN0200    active
230  VLAN0230    active
240  VLAN0240    active
300  VLAN0300    active
340  VLAN0340    active
400  VLAN0400    active
(The rest of the output is omitted)



Task 16 



Configure the trunks based on the following policy: 



Policy Item    Trunk Interface    Between Switches    Allowed VLANs
1              F0/19              Cat-1 <--> Cat-2    ONLY 120
2              F0/21              Cat-2 <--> Cat-4    ONLY 240
3              F0/19              Cat-3 <--> Cat-4    ONLY 340
4              F0/21              Cat-1 <--> Cat-3    ONLY 130
5              F0/23              Cat-1 <--> Cat-4    ONLY 140
6              F0/23              Cat-2 <--> Cat-3    ONLY 230



Policy item 1:

The output of the following Show command reveals the default status of the trunk:

Cat-1#Show inter trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094
Fa0/21      1-4094
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)








To configure the task:

On Both Switches:

Note the following command ONLY allows VLAN 120 on the trunk

Cat-x(config)#int f0/19
Cat-x(config-if)#Switchport trunk allowed VLAN 120








To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      120
Fa0/20      1-4094
Fa0/21      1-4094
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)



Policy item 2:

On Cat-2 and Cat-4:

Cat-x(config)#int f0/21
Cat-x(config-if)#switchport trunk allowed vlan 240

To verify the configuration:

On Cat-2

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      120
Fa0/20      1-4094
Fa0/21      240
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094
Fa0/21      240
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

Policy Item 3:

On Cat-3 and Cat-4

Cat-x(config)#int f0/19
Cat-x(config-if)#Switchport trunk allowed vlan 340

To verify the configuration:

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      340
Fa0/20      1-4094
Fa0/21      1-4094
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      340
Fa0/20      1-4094
Fa0/21      240
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)



Policy Item 4:

On Cat-1 and Cat-3

Cat-x(config)#int f0/21
Cat-x(config-if)#switchport trunk allowed vlan 130

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      120
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      340
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

Policy Item 5:

On Cat-1 and Cat-4

Cat-x(config)#int F0/23
Cat-x(config-if)#Switchport trunk allowed vlan 140

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      120
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      140
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      340
Fa0/20      1-4094
Fa0/21      240
Fa0/22      1-4094
Fa0/23      140
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)








Policy Item 6:

On Cat-2 and Cat-3

Cat-x(config)#int F0/23
Cat-x(config-if)#Switchport trunk allowed vlan 230

To verify the configuration:

On Cat-2

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      120
Fa0/20      1-4094
Fa0/21      240
Fa0/22      1-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      340
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)






Task 17 



Add VLANs to the allowed list of the trunk based on the following chart:

Policy Item    Trunk Interface    Between Switches    Allowed VLANs
1              F0/19              Cat-1 <--> Cat-2    100
2              F0/21              Cat-2 <--> Cat-4    200
3              F0/19              Cat-3 <--> Cat-4    300
4              F0/23              Cat-1 <--> Cat-4    400



Policy Item 1:

On Cat-1 and Cat-2

Cat-x(config)#int f0/19
Cat-x(config-if)#Switchport trunk allowed vlan add 100

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      140
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      1-4094
Fa0/21      240
Fa0/22      1-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)



Policy item 2:

On Cat-2 and Cat-4

Cat-x(config)#int f0/21
Cat-x(config-if)#Switchport trunk allowed vlan add 200

To verify the configuration:

On Cat-2

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      1-4094
Fa0/21      200,240
Fa0/22      1-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      200,240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      340
Fa0/20      1-4094
Fa0/21      200,240
Fa0/22      1-4094
Fa0/23      140
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      200,240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)


Policy item 3:

On Cat-3 and Cat-4

Cat-x(config)#int f0/19
Cat-x(config-if)#Switchport trunk allowed vlan add 300

To verify the configuration:

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-4094
Fa0/21      200,240
Fa0/22      1-4094
Fa0/23      140
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      200,240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)



Policy item 4:

On Cat-1 and Cat-4

Cat-x(config)#int F0/23
Cat-x(config-if)#Switchport trunk allowed vlan add 400

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      1-4094
Fa0/21      130
Fa0/22      1-4094
Fa0/23      140,400
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-4094
Fa0/21      200,240
Fa0/22      1-4094
Fa0/23      140,400
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      200,240
Fa0/22      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)






Task 18

Remove VLANs from the allowed list of the trunks based on the following chart:

Policy Item    Trunk Interface    Between Switches    Allowed VLANs
1              F0/22              Cat-1 <--> Cat-3    Remove 1,4-10 ONLY
2              F0/22              Cat-2 <--> Cat-4    Remove 2,4-10 ONLY



Policy item 1:

On Cat-1 and Cat-3

Cat-x(config)#int f0/22
Cat-x(config-if)#Switchport trunk allowed vlan remove 1,4-10

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      1-4094
Fa0/21      130
Fa0/22      2-3,11-4094
Fa0/23      140,400
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      2-3,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-4094
Fa0/21      130
Fa0/22      2-3,11-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      130
Fa0/22      2-3,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)


Policy item 2:

On Cat-2 and Cat-4

Cat-x(config)#int f0/22
Cat-x(config-if)#Switchport trunk allowed vlan remove 2,4-10

To verify the configuration:

On Cat-2

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      1-4094
Fa0/21      200,240
Fa0/22      1,3,11-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      200,240
Fa0/22      1,3,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-4094
Fa0/21      200,240
Fa0/22      1,3,11-4094
Fa0/23      140,400
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/21      200,240
Fa0/22      1,3,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)



Task 19 



Configure Cat-1, Cat-2 and Cat-4 based on the following chart:

Policy Item    Trunk Interface    Between Switches    Allowed VLANs
1              F0/20              Cat-1 <--> Cat-2    None
2              F0/24              Cat-1 <--> Cat-4    None



Policy Item #1

On Cat-1 and Cat-2

Cat-x(config)#int f0/20
Cat-x(config-if)#Swi trunk allow vlan none

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      none
Fa0/21      130
Fa0/22      2-3,11-4094
Fa0/23      140,400
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      none
Fa0/21      130
Fa0/22      2-3,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-2

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      none
Fa0/21      200,240
Fa0/22      1,3,11-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      none
Fa0/21      200,240
Fa0/22      1,3,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)


Policy item #2

On Cat-1 and Cat-4

Cat-x(config)#int f0/24
Cat-x(config-if)#Swi trunk allowed vlan none

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      none
Fa0/21      130
Fa0/22      2-3,11-4094
Fa0/23      140,400
Fa0/24      none

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      none
Fa0/21      130
Fa0/22      2-3,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      none
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-339,341-4094
Fa0/21      200,240
Fa0/22      1,3,11-4094
Fa0/23      140,400
Fa0/24      none

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,400
Fa0/21      200,240
Fa0/22      1,3,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      none
(The rest of the output is omitted)



Task 20 



Configure Cat-1, Cat-3 and Cat-4 based on the following chart:

Policy Item    Trunk Interface    Between Switches    Allowed VLANs
1              F0/20              Cat-3 <--> Cat-4    All but 340
2              F0/22              Cat-1 <--> Cat-3    All but 130



On Cat-3 and Cat-4

Cat-x(config)#int f0/20
Cat-x(config-if)#Swi trunk allowed vlan except 340

To verify the configuration:

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-339,341-4094
Fa0/21      130
Fa0/22      2-3,11-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,400
Fa0/21      130
Fa0/22      2-3,100,120,130,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-4

Cat-4#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-339,341-4094
Fa0/21      200,240
Fa0/22      1,3,11-4094
Fa0/23      140,400
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,400
Fa0/21      200,240
Fa0/22      1,3,100,120,130,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-1 and Cat-3

Cat-x(config)#int f0/22
Cat-x(config-if)#Swi trunk allowed vlan except 130

To verify the configuration:

On Cat-1

Cat-1#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      none
Fa0/21      130
Fa0/22      1-129,131-4094
Fa0/23      140,400
Fa0/24      none

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      none
Fa0/21      130
Fa0/22      1-10,100,120,140,200,230,240,300,340,400
Fa0/23      140,400
Fa0/24      none
(The rest of the output is omitted)

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-339,341-4094
Fa0/21      130
Fa0/22      1-129,131-4094
Fa0/23      230
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,400
Fa0/21      130
Fa0/22      1-10,100,120,140,200,230,240,300,340,400
Fa0/23      230
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)



Task 21 



Configure Cat-2 and Cat-3 based on the following chart:

Policy Item    Trunk Interface    Between Switches    Allowed VLANs
1              F0/23              Cat-2 <--> Cat-3    ALL
2              F0/24              Cat-2 <--> Cat-3    ALL



On Cat-2 and Cat-3

Cat-x(config)#int range f0/23-4
Cat-x(config-if)#swi trunk allow vlan all

To verify the configuration:

On Cat-2

Cat-2#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      100,120
Fa0/20      none
Fa0/21      200,240
Fa0/22      1,3,11-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      100,120
Fa0/20      none
Fa0/21      200,240
Fa0/22      1,3,100,120,130,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)

On Cat-3

Cat-3#Show int trunk | B Vlans allowed on trunk

Port        Vlans allowed on trunk
Fa0/19      300,340
Fa0/20      1-339,341-4094
Fa0/21      130
Fa0/22      1-129,131-4094
Fa0/23      1-4094
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      300,340
Fa0/20      1-10,100,120,130,140,200,230,240,300,400
Fa0/21      130
Fa0/22      1-10,100,120,140,200,230,240,300,340,400
Fa0/23      1-10,100,120,130,140,200,230,240,300,340,400
Fa0/24      1-10,100,120,130,140,200,230,240,300,340,400
(The rest of the output is omitted)
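The allowed-list operations used in Tasks 16 to 21 (a plain list, add, remove, except, none, all), replayed in Python so the two sections of the show output can be predicted before a change is made. This is an added example, not part of the workbook; the function names are hypothetical and the VLAN database is the one built in Task 15 plus VLAN 1.

```python
ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, the default allowed list

# Constructed from Task 15: VLAN 1 plus the VLANs created on Cat-1.
VLAN_DB = frozenset(
    [1, *range(2, 11), 100, 120, 130, 140, 200, 230, 240, 300, 340, 400])


def parse_vlan_list(text):
    """Turn '1,4-10' into a set of VLAN IDs."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part}")
        vlans.update(range(lo, hi + 1))
    return vlans


def format_vlan_list(vlans):
    """Render a set the way the show output does, e.g. '2-3,11-4094'."""
    if not vlans:
        return "none"
    ordered = sorted(vlans)
    runs, start, prev = [], ordered[0], ordered[0]
    for vid in ordered[1:]:
        if vid == prev + 1:
            prev = vid
            continue
        runs.append((start, prev))
        start = prev = vid
    runs.append((start, prev))
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def apply_allowed(current, args):
    """Apply the arguments of one 'switchport trunk allowed vlan ...' command."""
    words = args.split(None, 1)
    keyword = words[0].lower()
    rest = words[1] if len(words) > 1 else ""
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword in ("add", "remove", "except"):
        listed = parse_vlan_list(rest)
        if not listed:
            raise ValueError(f"'{keyword}' needs a VLAN list")
        if keyword == "add":
            return current | listed
        if keyword == "remove":
            return current - listed
        return set(ALL_VLANS) - listed  # except starts from 1-4094
    return parse_vlan_list(args)  # a bare list REPLACES the current list


def replay(commands, vlan_db=VLAN_DB):
    """Return ('allowed on trunk', 'allowed and active') after the commands."""
    allowed = set(ALL_VLANS)
    for args in commands:
        allowed = apply_allowed(allowed, args)
    return format_vlan_list(allowed), format_vlan_list(allowed & vlan_db)


if __name__ == "__main__":
    history = {
        "Cat-1 Fa0/19 (Tasks 16, 17)": ["120", "add 100"],
        "Cat-1 Fa0/22 (Task 18)": ["remove 1,4-10"],
        "Cat-1 Fa0/22 (Tasks 18, 20)": ["remove 1,4-10", "except 130"],
        "Cat-3 Fa0/20 (Task 20)": ["except 340"],
        "Fa0/21 with 'add' left out": ["240", "200"],
    }
    for port, commands in history.items():
        print(port, replay(commands))
```

The last entry shows why Task 17 uses the add keyword: entering a bare VLAN list on a trunk that already carries VLAN 240 silently drops 240 from that link.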








Task 22 

Erase the config.text and vlan.dat on all four switches and reload them before proceeding to the next task.

On All Four Switches

Cat-x#Delete vlan.dat
Cat-x#Delete config.text
Cat-x#reload






Task 23 

Configure all four switches based on the following requirements:

• Shut down all ports on all four switches
• Configure a Dot1q trunk between Switch 1 and 2 using port F0/19
• Set the VTP domain on Switch 1 and 2 to TST
• Name the first Switch to Cat-1 and the second Switch to Cat-2.

On The First Switch:

Switch(config)#Host Cat-1

On The Second Switch:

Switch(config)#Host Cat-2

On All Four Switches:

Cat-x(config)#int range f0/1 -24
Cat-x(config-if-range)#Shut

On Cat-1 and Cat-2

Cat-x(config)#int F0/19
Cat-x(config-if)#swi trunk encapsulation dot1q
Cat-x(config-if)#swi mode trunk
Cat-x(config-if)#NO shut

Cat-x(config)#Vtp domain TST






Task 24 

Configure VLAN 100 on Cat-1 and assign its F0/1 interface to this VLAN.

On Cat-1

Cat-1(config)#int f0/1
Cat-1(config-if)#Swi mode acc
Cat-1(config-if)#Swi acc v 100
Cat-1(config-if)#NO shut

To verify the configuration:

On Cat-1

Cat-1#Show vlan brie | Inc VLAN0100
100  VLAN0100    active






Task 25 

Configure the switches such that they restrict flooded traffic to those trunk links that the traffic must use to access the appropriate network device/s.






This task is asking for VTP Pruning to be enabled, to understand VTP pruning, its 
helpful to know the VTP message types. 

There are four types of VTP advertisements that are exchanged between the 
switches, and they are: 

i. Summary advertisements: An update sent bv VTP servers or a 
client every 300 seconds or when a VLAN database change occurs. 
This update includes: VTP version, domain name, configuration 
revision number, time stamp, and number of subset advertisements. 







If the advertisement results from a VLAN database change, one or
more subset advertisements will follow.

2. Subset advertisements: An update that follows a summary
advertisement resulting from a change in the VLAN database. A
subset advertisement includes the specific change/s that were made to
a given VLAN/s.

3. Advertisement requests from clients: These are updates sent
by a switch requesting more information so it can update its
database. If and when a switch receives a VTP summary
advertisement with a configuration revision number higher than its
own, the local switch will send an advertisement request, requesting
information about changes so it can update its VLAN database. A
switch operating in VTP server mode then responds with one or
more subset advertisements.

4. VLAN membership announcement: These messages are
generated by the switches when VTP Pruning is enabled and a port
is associated to a given VLAN; these messages tell the neighboring
switch that the local switch is interested in receiving traffic for that
given VLAN. If the local switch does NOT send this message for a
given VLAN, the neighboring switch will NOT send the traffic for
that VLAN, and therefore the traffic for that VLAN will be pruned.



On Cat-1

Cat-1#Show interface pruning

Pruning not currently enabled in this device's VTP administrative domain.

Note the above message states that the pruning feature is NOT enabled. The output
of the following command reveals the same fact:

Cat-1#Show vtp status | Inc VTP Pruning Mode

VTP Pruning Mode : Disabled

To enable VTP Pruning:

Cat-1#Vtp Pruning
Pruning switched on

To verify the configuration:

On Cat-1






Cat-1#Show vtp status | Inc VTP Pruning Mode

VTP Pruning Mode : Enabled

Note this configuration will be propagated to all switches that have a trunk
established with the local switch and that are in the same VTP domain:

On Cat-2

Cat-2#Show vtp status | Inc VTP Pruning Mode

VTP Pruning Mode : Enabled

Cat-2#Sh interface F0/19 pruning

Note the following output has two sections. The first section lists VLANs that are
pruned, because the local switch has not received a VLAN Membership
Announcement message (VMA) from the neighboring switch:

Port Vlans pruned for lack of request by neighbor
Fa0/19 none

This section of the output identifies the VLANs for which the local switch has sent
VMAs, and which are therefore not pruned:

Port Vlan traffic requested of neighbor
Fa0/19 1

On Cat-1

Cat-1#Show interface f0/19 pruning

Note the local switch will NOT send traffic for VLAN 100 out of this trunk interface,
because the local switch has NOT received VMAs for this VLAN.

Port Vlans pruned for lack of request by neighbor
Fa0/19 100

Note the local switch has sent VMAs for these two VLANs:

Port Vlan traffic requested of neighbor
Fa0/19 1,100






Task 26 

Configure VLANs 200, 300, 400, 500 and 600 on Cat-1 and ensure that these VLANs are
propagated to Cat-2.



On Cat-1 

Cat-1(config)#Vlan 200,300,400,500,600
Cat-1(config-vlan)#exit

On Cat-2 



Cat-2#Show vlan br | exc unsup

<snip>

100 VLAN0100 active
200 VLAN0200 active
300 VLAN0300 active
400 VLAN0400 active
500 VLAN0500 active
600 VLAN0600 active

To verify the configuration:

On Cat-1

Note the output of the following show command displays that VLANs 100, 200, 300,
400, 500 and 600 are pruned:

Cat-1#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 100,200,300,400,500,600

Port Vlan traffic requested of neighbor
Fa0/19 1,100

On Cat-2

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300,400,500,600














Port Vlan traffic requested of neighbor 
Fa0/19 1






Task 27 

Configure F0/2 interface of Cat-2 in VLAN 100.






On Cat-2 

Cat-2(config)#int f0/2
Cat-2(config-if)#swi mode acc
Cat-2(config-if)#swi acc v 100
Cat-2(config-if)#NO shut

Note you may have to wait for 30 seconds for convergence:

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300,400,500,600

Port Vlan traffic requested of neighbor
Fa0/19 1,100

Note the output of the above show command reveals that the local switch has sent
a VMA message for VLAN 100.






Task 28 

Configure the switches such that ONLY VLAN 300 is pruned. 






On Cat-1 

Cat-1#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300,400,500,600

Port Vlan traffic requested of neighbor
Fa0/19 1,100

Note VLAN 300 is pruned. To configure the switches such that it's no longer pruned:

On Both Switches:

Cat-x(config)#int f0/19

Cat-x(config-if)#Switchport trunk pruning vlan 300

Note the above command instructs the trunk to Prune VLAN 300 ONLY, therefore,
the rest of the VLANs in the VLAN Database will NOT be pruned.

On Cat-1

Cat-1#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 300

Port Vlan traffic requested of neighbor
Fa0/19 1,100,200,400,500,600

Note VLAN 300 is the ONLY VLAN that is Pruned.

On Cat-2

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 300

Port Vlan traffic requested of neighbor
Fa0/19 1,100,200,400,500,600



Task 29 

Configure the switches such that VLAN 200 is also pruned; you should NOT use the
command from the previous task to accomplish this task.



On Both Switches: 






Cat-x(config)#int f0/19

Cat-x(config-if)#Switchport trunk pruning vlan add 200

To verify the configuration:

On Cat-1

Cat-1#Sh inter f0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300

Port Vlan traffic requested of neighbor
Fa0/19 1,100,400,500,600

Note VLAN 200 is added to the list of Pruned VLANs.

On Cat-2

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300

Port Vlan traffic requested of neighbor
Fa0/19 1,100,400,500,600



Task 30 



Configure the switches such that NONE of the VLANs are pruned.



On Both Switches: 

Cat-x(config)#int f0/19

Cat-x(config-if)#Switchport trunk pruning vlan NONE

To verify the configuration:

On Cat-1

Cat-1#Show interface f0/19 pruning














Port Vlans pruned for lack of request by neighbor
Fa0/19 none

Port Vlan traffic requested of neighbor
Fa0/19 1,100,200,300,400,500,600

Note NONE of the VLANs are pruned.

On Cat-2

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 none

Port Vlan traffic requested of neighbor
Fa0/19 1,100,200,300,400,500,600






Task 31 

Configure the switches such that all VLANs are pruned.






On Both Switches: 

Cat-x(config)#Int F0/19

Cat-x(config-if)#Switch trunk pruning vlan 1,100,200,300,400,500,600

Note you should get the following error:

Command rejected: Bad VLAN pruning list.

The error message was generated because VLAN 1 CAN NOT BE
PRUNED.

Cat-x(config)#Int F0/19

Cat-x(config-if)#Switch trunk pruning vlan 100,200,300,400,500,600

To verify the configuration:

On Cat-1

Cat-1#Show interface F0/19 pruning







Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300,400,500,600

Port Vlan traffic requested of neighbor
Fa0/19 1,100

Note VLAN 100 can NOT be pruned because the local switch has port membership
in this VLAN.

On Cat-2

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 200,300,400,500,600

Port Vlan traffic requested of neighbor
Fa0/19 1,100



Task 32 

Configure the switches such that VLAN 200 is no longer pruned; do not use a command
that was used before to accomplish this task.



On Both Switches: 

Cat-x(config)#int F0/19

Cat-x(config-if)#Switchport trunk pruning vlan remove 200

To verify the configuration:

On Cat-1

Cat-1#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 300,400,500,600






Port Vlan traffic requested of neighbor
Fa0/19 1,100,200

Note VLAN 200 was removed from the list of VLANs being pruned.

On Cat-2

Cat-2#Show interface F0/19 pruning

Port Vlans pruned for lack of request by neighbor
Fa0/19 300,400,500,600

Port Vlan traffic requested of neighbor
Fa0/19 1,100,200
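
The pruning outputs in Tasks 25 to 32 follow from two rules: a switch requests a VLAN when it is VLAN 1, is not prune-eligible on the trunk, or has a local port in it, and a trunk prunes whatever its neighbor did not request. The Python model below is an added example, not part of the workbook and not IOS code; the class and function names are hypothetical, and the rules are a simplification chosen to reproduce the outputs shown above.

```python
# Added example: a toy model of VTP pruning on the single trunk between
# Cat-1 and Cat-2. Class and function names are hypothetical, not IOS code.

DEFAULT_ELIGIBLE = frozenset(range(2, 1002))  # IOS default prune-eligible list


class Switch:
    def __init__(self, name):
        self.name = name
        self.access_vlans = set()              # VLANs with a local access port
        self.eligible = set(DEFAULT_ELIGIBLE)  # prune-eligible VLANs on the trunk

    def pruning_vlan(self, action, vlans=()):
        """Mimic 'switchport trunk pruning vlan [add | remove | none] <list>'."""
        vlans = set(vlans)
        if action in ("set", "add") and 1 in vlans:
            # VLAN 1 can never be pruned, so the whole list is refused (Task 31).
            raise ValueError("Command rejected: Bad VLAN pruning list.")
        if action == "set":
            self.eligible = vlans
        elif action == "add":
            self.eligible |= vlans
        elif action == "remove":
            self.eligible -= vlans
        elif action == "none":
            self.eligible = set()
        else:
            raise ValueError("unknown action: %r" % action)

    def requested(self, vlan_db):
        """VLANs this switch sends VMAs for, i.e. asks its neighbor to forward."""
        return {
            v for v in vlan_db
            if v == 1 or v not in self.eligible or v in self.access_vlans
        }


def show_interface_pruning(local, neighbor, vlan_db):
    """Return the two sections of 'show interface ... pruning' as strings."""
    def fmt(vlans):
        return ",".join(str(v) for v in sorted(vlans)) or "none"
    pruned = set(vlan_db) - neighbor.requested(vlan_db)
    return fmt(pruned), fmt(local.requested(vlan_db))


def replay_lab():
    """Replay Tasks 25 to 32 and record Cat-1's view of Fa0/19 after each."""
    cat1, cat2 = Switch("Cat-1"), Switch("Cat-2")
    vlan_db = {1, 100}
    cat1.access_vlans.add(100)                    # Task 24: F0/1 in VLAN 100
    view = {25: show_interface_pruning(cat1, cat2, vlan_db)}

    vlan_db |= {200, 300, 400, 500, 600}          # Task 26
    view[26] = show_interface_pruning(cat1, cat2, vlan_db)

    cat2.access_vlans.add(100)                    # Task 27: F0/2 in VLAN 100
    view[27] = show_interface_pruning(cat1, cat2, vlan_db)

    steps = [
        (28, "set", [300]),
        (29, "add", [200]),
        (30, "none", []),
        (31, "set", [100, 200, 300, 400, 500, 600]),
        (32, "remove", [200]),
    ]
    for task, action, vlans in steps:
        for sw in (cat1, cat2):                   # "On Both Switches"
            sw.pruning_vlan(action, vlans)
        view[task] = show_interface_pruning(cat1, cat2, vlan_db)
    return view


if __name__ == "__main__":
    for task, (pruned, requested) in replay_lab().items():
        print("Task %d  pruned: %-24s requested: %s" % (task, pruned, requested))
```

Each tuple returned by replay_lab() is the pair of lines Cat-1 prints for Fa0/19 at the end of that task.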



Task 33 

Erase the vlan.dat and config.text and reload the switches before proceeding to the next
lab.






Lab 2 
EtherChannels

[Topology diagram not reproduced; surviving link label: F0/19-20]

Task 1

Configure the hostname of the first switches as per diagram. Ensure that the ports of these
four switches are in Shutdown mode. Configure the VTP domain name to TST on all four
switches.



On SW-1

Switch(config)#hostname SW-1

SW-1(config)#int range f0/1 -24
SW-1(config-if-range)#Shut

SW-1(config)#VTP domain TST






On SW-2

Switch(config)#hostname SW-2

SW-2(config)#int range f0/1 -24
SW-2(config-if-range)#Shut

SW-2(config)#VTP domain TST

On SW-3

Switch(config)#hostname SW-3

SW-3(config)#int range f0/1 -24
SW-3(config-if-range)#Shut

SW-3(config)#VTP domain TST

On SW-4

Switch(config)#hostname SW-4

SW-4(config)#int range f0/1 -24
SW-4(config-if-range)#Shut

SW-4(config)#VTP domain TST



Task 2 

Configure ports F0/19 and F0/20 on SW-1 and SW-2 as trunk links using an industry
standard protocol; these links should appear to Spanning-tree protocol as a single link. If
one of the links fails, the traffic should use the other link without any interaction. The
ports on SW-1 should be configured such that they ONLY respond to PAgP packets and
never start the negotiation process.



EtherChannels provide the following:

• Fault-tolerant, high speed links between switches and routers.

• EtherChannel provides an automatic recovery for the loss of a link by
redistributing the traffic across the remaining link/s.

• STP will not block one of the links in the bundle because to STP, the bundle
looks like a single link.

• Up to 8 links can be combined to provide more bandwidth.

• The links within the bundle must have the same characteristics such as
duplexing, speed, etc.

• EtherChannel can be configured as layer 2 or layer 3.

• With Layer 3, a logical interface (Port-Channel) is statically configured and all
Layer 3 configurations are performed under that interface.

• With Layer 2, the logical interface is created automatically.

• With both Layer 2 and Layer 3, physical interfaces must be manually assigned to
the logical interface using the "channel-group" configuration command.

• EtherChannels can be configured automatically using Port aggregation protocol
(PAgP) or Link Aggregation protocol (LACP).

• PAgP is a Cisco proprietary protocol, whereas LACP is an industry standard
IEEE 802.3ad protocol.

• Switches can be configured to use PAgP by configuring them in AUTO or
DESIRABLE mode.

• Switches can be configured to use LACP by configuring them in ACTIVE or
PASSIVE mode.

• If the switches are configured in ON mode, they will not exchange LACP or
PAgP packets.

There are 5 modes that the switches can be configured in:

• ON - Forces the interface into an EtherChannel without PAgP or LACP packets;
both switches must be configured in ON mode for the EtherChannel to be
established.

• ACTIVE - Used in LACP; the switches will actively negotiate an EtherChannel
link.

• PASSIVE - Used in LACP; it places the interface in a passive negotiation mode
where it only responds to LACP packets that it receives. In this mode the switch
will not start the negotiation process; this setting minimizes the transmission of
LACP packets.

• AUTO - Used in PAgP; it places the interface in a passive negotiation mode. It
only responds to PAgP packets that it receives. In this mode the switch will not
start the negotiation process; this setting minimizes the transmission of PAgP
packets.

• DESIRABLE - Used in PAgP; the switches will actively negotiate an
EtherChannel link.

The following table is very important to understand when configuring 
EtherChannels: 






If SW-1 is       If SW-2 is       Will an EtherChannel   The protocol
configured in    configured in    be established?        used:

Desirable        Desirable        YES                    PAgP
Desirable        Auto             YES                    PAgP
Auto             Auto             NO                     -
Active           Active           YES                    LACP
Active           Passive          YES                    LACP
Passive          Passive          NO                     -
ON               ON               YES                    NONE
ON               Auto             NO                     -
ON               Desirable        NO                     -
ON               Passive          NO                     -
ON               Active           NO                     -



EtherChannels should be configured in a certain order; the following is my
recommendation for creating EtherChannels:

1. Configure "Default interface" for the interfaces involved.

2. Assign a channel-group and channel-group number to the physical
interfaces; this step will create a port-channel interface automatically.

3. Configure the trunking encapsulation directly in port-channel interface
configuration mode.

4. Reset the ports in the group by entering "Shut" and then "No Shut".

Step One

On SW-1

SW-1(config)#Default interface range F0/19-20

SW-1(config)#Interface range F0/19-20
SW-1(config-if-range)#NO Shut

Step Two

SW-1(config)#int range f0/19-20

SW-1(config-if-range)#Channel-group 12 mode Auto

You should see the following messages:

Creating a port-channel interface Port-channel 12

Note the interface Port-channel 12 is created automatically:






SW-1#Show run | Inc interface Port-channel
interface Port-channel12

Step Three

SW-1(config)#Int Port-channel 12

SW-1(config-if)#Switchport trunk encapsulation dot1q
SW-1(config-if)#Switchport mode trunk

On SW-2

SW-2(config)#Default interface range F0/19-20

SW-2(config)#int range f0/19-20

SW-2(config-if-range)#Channel-group 21 mode Desirable

SW-2(config)#Int Port-channel 21

SW-2(config-if)#Switchport trunk encapsulation dot1q
SW-2(config-if)#Switchport mode trunk

Step Four

On SW-1 and SW-2

SW-x(config-if)#int range f0/19-20
SW-x(config-if-range)#Shut
SW-x(config-if-range)#NO shut

To verify the configuration:

On SW-1

SW-1#Sh interface trunk

Port Mode Encapsulation Status Native vlan

Po12 on 802.1q trunking 1

(The rest of the output is omitted)

On SW-2

SW-2#Sh interface trunk






Port Mode Encapsulation Status Native vlan

Po21 on 802.1q trunking 1

(The rest of the output is omitted)

On SW-1

SW-1#Show interface f0/19 switchport | Inc Operational Mode
Operational Mode: trunk (member of bundle Po12)

On SW-2

SW-2#Sh int f0/19 swi | Inc Operational Mode
Operational Mode: trunk (member of bundle Po21)



Task 3 

Configure ports F0/21 and F0/22 on SW-3 and SW-1 as trunk links using an industry
standard protocol; these links should appear to STP as a single link. If one of the links
fails, the traffic should use the other link without any interruption. These ports should
NOT negotiate by exchanging LACP or PAgP protocol to accomplish this task.



On SW-1

SW-1(config)#default interface range F0/21-22

SW-1(config)#Int range F0/21 - 22
SW-1(config-if-range)#Channel-group 13 mode on
SW-1(config-if-range)#NO shut

SW-1(config-if-range)#int port-channel 13

SW-1(config-if)#switchport trunk encapsulation dot1q

SW-1(config-if)#swi mode trunk

On SW-3

SW-3(config)#Default int range f0/21-22
SW-3(config)#Int range f0/21 - 22






SW-3(config-if-range)#Channel-group 31 mode on
SW-3(config-if-range)#NO shut

SW-3(config-if-range)#int port-channel 31

SW-3(config-if)#switchport trunk encapsulation dot1q

SW-3(config-if)#Swi mode trunk

On Both SW-1 and SW-3

SW-x(config)#int range f0/21-22
SW-x(config-if-range)#Shut
SW-x(config-if-range)#NO Shut

To verify the configuration:

On SW-1

SW-1#Show interface trunk

Port Mode Encapsulation Status Native vlan

Po12 on 802.1q trunking 1

Po13 on 802.1q trunking 1

(The rest of the output is omitted)

SW-1#Show etherchannel protocol

Channel-group listing:

Group: 12

Protocol: PAgP

Note PAgP is used for EtherChannel negotiation.

Group: 13

Protocol: - (Mode ON)

Note PAgP or LACP is NOT in use.

On SW-3

SW-3#Show interface trunk

Port Mode Encapsulation Status Native vlan

Po31 on 802.1q trunking 1

(The rest of the output is omitted)






SW-3#Show etherchannel summary

Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group Port-channel Protocol Ports

31 Po31(SU) - Fa0/21(P) Fa0/22(P)
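
The mode table and the channel-group settings of Tasks 2 and 3 above can be checked mechanically. The following is an added example, not code from the workbook: it derives the table's YES/NO outcomes from two properties of each mode and applies them to running-config style text. The function names and the sample configs, including the deliberately mismatched SW3_BAD, are constructed for illustration.

```python
import re

# Added example: names below are hypothetical. Each channel-group mode is
# reduced to (protocol spoken, whether this end starts the negotiation).
MODES = {
    "on":        (None,   False),
    "auto":      ("PAgP", False),
    "desirable": ("PAgP", True),
    "passive":   ("LACP", False),
    "active":    ("LACP", True),
}


def negotiate(mode_a, mode_b):
    """Return (bundle_forms, protocol, reason) for the two ends of one link."""
    try:
        proto_a, starts_a = MODES[mode_a.lower()]
        proto_b, starts_b = MODES[mode_b.lower()]
    except KeyError as exc:
        raise ValueError("unknown channel-group mode: %s" % exc)
    if proto_a is None and proto_b is None:
        return True, "NONE", "both ends forced on, nothing is negotiated"
    if proto_a != proto_b:
        return False, None, "ends do not speak the same protocol"
    if not (starts_a or starts_b):
        return False, None, "both ends wait for the other to start"
    return True, proto_a, "negotiated"


def parse_channel_groups(config_text):
    """Map interface name -> (group number, mode) from running-config text."""
    members, iface = {}, None
    for line in config_text.splitlines():
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            iface = m.group(1)
            continue
        m = re.match(r"\s*channel-group\s+(\d+)\s+mode\s+(\S+)", line, re.I)
        if m and iface:
            members[iface] = (int(m.group(1)), m.group(2).lower())
    return members


def audit(local_cfg, remote_cfg, cabling):
    """Check every cabled link; return (local_if, remote_if, ok, detail)."""
    local = parse_channel_groups(local_cfg)
    remote = parse_channel_groups(remote_cfg)
    findings = []
    for l_if, r_if in cabling:
        if l_if not in local or r_if not in remote:
            findings.append((l_if, r_if, False, "no channel-group on one end"))
            continue
        ok, proto, reason = negotiate(local[l_if][1], remote[r_if][1])
        findings.append((l_if, r_if, ok, proto if ok else reason))
    return findings


# Constructed sample configs. SW1 and SW2 use the modes from Tasks 2 and 3;
# SW3_BAD is a deliberately mismatched peer for SW-1's static group 13.
SW1 = """\
interface FastEthernet0/19
 channel-group 12 mode auto
interface FastEthernet0/20
 channel-group 12 mode auto
interface FastEthernet0/21
 channel-group 13 mode on
interface FastEthernet0/22
 channel-group 13 mode on
"""
SW2 = """\
interface FastEthernet0/19
 channel-group 21 mode desirable
interface FastEthernet0/20
 channel-group 21 mode desirable
"""
SW3_BAD = """\
interface FastEthernet0/21
 channel-group 31 mode active
interface FastEthernet0/22
 switchport mode trunk
"""

if __name__ == "__main__":
    pairs_12 = [("FastEthernet0/19", "FastEthernet0/19"),
                ("FastEthernet0/20", "FastEthernet0/20")]
    pairs_13 = [("FastEthernet0/21", "FastEthernet0/21"),
                ("FastEthernet0/22", "FastEthernet0/22")]
    for finding in audit(SW1, SW2, pairs_12) + audit(SW1, SW3_BAD, pairs_13):
        print(finding)
```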



Task 5 

Ensure that all the EtherChannels created on SW-1 are load-balanced based on
destination MAC address.



EtherChannel load balancing can be done on 3550 or 3560 switches; 3560 switches
are more flexible and provide more options. The following explains the
load-balancing options available on these switches:

On 3550 Switches:

Source MAC Address - Packets forwarded to an EtherChannel are distributed across the
ports in the channel based on the Source MAC address of the incoming packets.
Therefore, different devices with different source MAC addresses use different interfaces
in the bundle. When source MAC address load balancing is enabled, the load distribution
based on the Source and Destination IP address pair is also enabled for
routed IP traffic.

Destination MAC Address - If the EtherChannel is between a router and a switch and
since the router has a single MAC address, destination based load balancing is the best
way. In this load balancing method, packets forwarded to an EtherChannel
are distributed across the ports in the channel based on the Destination MAC address of
the incoming packets.

Note there are only two choices on 3550 switches:

SW-3(config)#Port-channel load-balance ?
dst-mac Dst Mac Addr
src-mac Src Mac Addr

To verify the default setting:

On SW-3

SW-3#Show Etherchannel load-balance

EtherChannel Load-Balancing Operational State (src-mac):
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source IP address

SW-1 is a 3560:

The following are the options available on 3560 switches:

Source MAC Address - When packets are forwarded to an EtherChannel, they're
distributed across the ports in the channel based on the Source MAC address of the
incoming frame.

Destination MAC Address - When packets are forwarded to an EtherChannel, they're
distributed across the ports in the channel based on the Destination MAC address of the
incoming frame.

Source and Destination MAC Address - When packets are forwarded to an
EtherChannel, they're distributed across the ports in the channel based on the Source &
Destination MAC address pair of the incoming frame.

Source IP Address - When packets are forwarded to an EtherChannel, they're distributed
across the ports in the channel based on the Source IP address of the incoming frame.

Destination IP Address - When packets are forwarded to an EtherChannel, they're
distributed across the ports in the channel based on the Destination IP address of the
incoming frame.

Source & Destination IP Address - When packets are forwarded to an EtherChannel,
they're distributed across the ports in the channel based on the Source & Destination IP
address pair of the incoming frame.

To see the above options on 3560 switches:

SW-1(config)#Port-channel load-balance ?
dst-ip Dst IP Addr
dst-mac Dst Mac Addr
src-dst-ip Src XOR Dst IP Addr
src-dst-mac Src XOR Dst Mac Addr
src-ip Src IP Addr
src-mac Src Mac Addr

To verify the default setting:

SW-1#Show Etherchannel load-balance

EtherChannel Load-Balancing Operational State (src-mac):
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source IP address

To configure the load balancing based on the destination MAC addresses:

On SW-1:

SW-1(config)#port-channel load-balance dst-mac

To verify the configuration:

On SW-1

SW-1#Show etherchannel load

EtherChannel Load-Balancing Operational State (dst-mac):
Non-IP: Destination MAC address
IPv4: Destination MAC address
IPv6: Destination IP address

Note since the command is entered in the global configuration mode, it affects all
EtherChannel ports created on the local switch.






Task 6 

Ensure that all the EtherChannels created on SW-2 are load-balanced based on the
following policy:

• For Non-IP, Source and Destination MAC address

• For IPv4, Source and Destination IP address pair

• For IPv6, Source and Destination IP address pair



On SW-2

SW-2(config)#port-channel load-balance src-dst-ip

To verify the configuration:

On SW-2

SW-2#Show Etherchannel load-balance

EtherChannel Load-Balancing Operational State (src-dst-ip):
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address

The following reveals the behavior of a 3560 switch when the load balancing is
changed:

If the load-balancing is changed to "src-mac":
Non-IP: Source MAC address
IPv4: Source MAC address
IPv6: Source IP address

If the load-balancing is changed to "dst-mac":
Non-IP: Destination MAC address
IPv4: Destination MAC address
IPv6: Destination IP address

If the load-balancing is changed to "src-ip":
Non-IP: Source MAC address
IPv4: Source IP address
IPv6: Source IP address

If the load-balancing is changed to "dst-ip":
Non-IP: Destination MAC address
IPv4: Destination IP address
IPv6: Destination IP address

If the load-balancing is changed to "src-dst-mac":
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination MAC address
IPv6: Source XOR Destination IP address

If the load-balancing is changed to "src-dst-ip":
Non-IP: Source XOR Destination MAC address
IPv4: Source XOR Destination IP address
IPv6: Source XOR Destination IP address






Task 7

Configure ports F0/21 and F0/22 on SW-2 and SW-4 as trunk links using Cisco
proprietary trunking encapsulation; these links should appear to STP as a single link. If
one of the links fails, the traffic should use the other link without any interruption. These
ports should actively negotiate an EtherChannel using PAgP.






On SW-2

SW-2(config)#default interface range f0/21-22

SW-2(config)#int range f0/21-22

SW-2(config-if-range)#channel-group 24 mode desirable
SW-2(config-if-range)#NO shut

SW-2(config)#Int port-channel 24

SW-2(config-if)#switchport trunk encapsulation isl

SW-2(config-if)#Switchport mode trunk

On SW-4

SW-4(config)#default interface range f0/21-22

SW-4(config)#int range f0/21-22

SW-4(config-if-range)#channel-group 42 mode desirable
SW-4(config-if-range)#NO shut







SW-4(config)#int port-channel 42
SW-4(config-if)#switchport trunk encapsulation isl
SW-4(config-if)#switchport mode trunk

On SW-2 and SW-4

SW-4(config-if-range)#int range f0/21-22
SW-4(config-if-range)#shut
SW-4(config-if-range)#NO shut

To verify the configuration:

On SW-4

SW-4#Show interface trunk

Port Mode Encapsulation Status Native vlan

Po42 on isl trunking 1

(The rest of the output is omitted)

To verify the configuration:

On SW-4

SW-4#Show etherchannel protocol
Channel-group listing:

Note PAgP is used for EtherChannel negotiation.

SW-2#Show interface trunk

Port Mode Encapsulation Status Native vlan

Po21 on 802.1q trunking 1

Po24 on isl trunking 1

(The rest of the output is omitted)














SW-2#Show etherchannel summary

Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports

21 Po21(SU) PAgP Fa0/19(P) Fa0/20(P)
24 Po24(SU) PAgP Fa0/21(P) Fa0/22(P)






Task 8

Configure ports F0/19 and F0/20 on SW-3 and SW-4 as trunk links using Cisco
proprietary trunking encapsulation; these links should appear to STP as a single link. If
one of the links fails, the traffic should use the other link without any interruption. These
ports on SW-3 should be configured such that they ONLY respond to LACP packets that
are received from the appropriate ports on SW-4.






On SW-3

SW-3(config)#default inter range f0/19-20

SW-3(config)#int range f0/19-20

SW-3(config-if-range)#channel-group 34 mode passive

SW-3(config-if-range)#NO shut

SW-3(config)#int port-channel 34

SW-3(config-if)#Switchport trunk encapsulation isl

SW-3(config-if)#Switchport mode trunk

On SW-4 







SW-4(config)#default interface range f0/19-20

SW-4(config)#int range f0/19-20
SW-4(config-if-range)#channel-group 43 mode active
SW-4(config-if-range)#NO shut

SW-4(config)#int port-channel 43

SW-4(config-if)#switchport trunk encapsulation isl

SW-4(config-if)#switchport mode trunk

On SW-3 and SW-4

SW-4(config)#int range f0/19-20
SW-4(config-if-range)#Shut
SW-4(config-if-range)#NO shut

To verify the configuration:

On SW-3

SW-3#Show etherchannel protocol

Channel-group listing:
Group: 31
Protocol: - (Mode ON)

Group: 34
Protocol: LACP

SW-3#Show interface trunk

Port Mode Encapsulation Status Native vlan

Po31 on isl trunking 1

Po34 on isl trunking 1

(The rest of the output is omitted)

On SW-4

SW-4#Show interface trunk














Port Mode Encapsulation Status Native vlan
Po42 desirable n-isl trunking 1
Po43 on isl trunking 1
(The rest of the output is omitted)

SW-4#Sh ether summ | B Number

Number of channel-groups in use: 2
Number of aggregators: 2

Group Port-channel Protocol Ports

42 Po42(SU) PAgP Fa0/21(P) Fa0/22(P)

43 Po43(SU) LACP Fa0/19(P) Fa0/20(P)






Task 9 

Configure ports F0/23 and F0/24 on SW-1 and SW-4 as trunk links using Cisco
proprietary trunking encapsulation; these links should appear to STP as a single link. If
one of the links fails, the traffic should use the other link without any interruption. These
ports should be configured such that they actively negotiate a LACP EtherChannel.






On SW-1

SW-1(config)#default interface range f0/23-24

SW-1(config)#int range f0/23-24

SW-1(config-if-range)#channel-group 14 mode active
SW-1(config-if-range)#NO shut

SW-1(config)#int port-channel 14
SW-1(config-if)#Switchport trunk encapsulation isl

SW-1(config-if)#switchport mode trunk

On SW-4

SW-4(config)#default interface range f0/23-24

SW-4(config)#int range f0/23-24

SW-4(config-if-range)#channel-group 41 mode active
SW-4(config-if-range)#NO shut







S\V-4(coniig)#int port-channel 41 

S \V-4( con tig- if)f*s\\ itch port trunk encapsulal 

S W-4( con tig- ii)# switch port mode trunk 


ion hi 


On SW-I andSW-4 




SW-4(contig-it^int range 110/23-24 
S W-4(co n tig- it- range )#sh ut 
S\V-4(contig-ii-range)#NO shut 




Tu verify the co nf iu lira ti tin: 




On SW-1 




SW- 1-Show inter trunk 




Port Mode Encapsulation Status 
Pol2 on 802. lq tmnking 
Pol3 on 802. lq bunking 
Pol 4 on KI Ir unking 
(The rest of the output is omitted) 


Native vlan 

1 
I 
1 


On SW -4 




SW-4#Show inter trunk 




Port Mode Encapsulation Status 
Po41 on i si trunk in y 
Po42 desirable n-isl trunkiii" 
Po43 on isl trunk in y 

(The rest of the output is omitted) 


Native vlan 
1 
1 
1 


SW-4#Show Etherchannel Pro

Channel-group listing:

Group: 41
Protocol: LACP

Group: 42
Protocol: PAgP








Group: 43 
Protocol: LACP 



Task 9

Configure ports F0/23 and F0/24 on SW-2 and SW-3 as a single layer three link; SW-2
should be configured with an IP address of 10.1.23.2 /24 and SW-3 should be configured
with an IP address of 10.1.23.3 /24. These ports should NOT negotiate using LACP or
PAgP.



Note when configuring layer 3 EtherChannels, I recommend the order of operation
to be as follows: 

1. Default interface the physical interfaces 

2. Configure the interface port-channel 

3. Configure the port-channel interface with "NO Swi" and then configure the 
IP address 

4. Configure the physical interfaces with "No Swi" 

5. Assign the port-channel ID to the interfaces using the channel-group 
interface configuration command 

6. Reset the physical interfaces by using "Shut" and "NO Shut"

On SW-2

SW-2(config)#default interface range f0/23-24

SW-2(config)#int port-channel 23
SW-2(config-if)#NO switchport
SW-2(config-if)#ip addr 10.1.23.2 255.255.255.0

SW-2(config)#int range f0/23-24
SW-2(config-if-range)#NO switchport
SW-2(config-if-range)#channel-group 23 mode on
SW-2(config-if)#NO shut

On SW-3

SW-3(config)#default interface range f0/23-24

SW-3(config)#int port-channel 32






SW-3(config-if)#NO switchport

SW-3(config-if)#ip addr 10.1.23.3 255.255.255.0

SW-3(config)#int range f0/23-24
SW-3(config-if-range)#channel-group 32 mode on

Note if the "No Switchport" interface command is NOT configured, you should see
the following error:

Command rejected (Port-channel32, Fa0/23): Either port is L2 and port-channel is L3, or vice-versa

% Range command terminated because it failed on FastEthernet0/23

SW-3(config-if-range)#NO swi
SW-3(config-if-range)#channel-group 32 mode on
SW-3(config-if-range)#NO shut

On SW-2 and SW-3

SW-3(config)#int range f0/23-24
SW-3(config-if-range)#Shut
SW-3(config-if-range)#NO shut

To verify and test the configuration:

On SW-2

SW-2#Show Etherchannel summary | B Number

Number of channel-groups in use: 3
Number of aggregators: 3

Group  Port-channel  Protocol    Ports

21     Po21(SU)      PAgP        Fa0/19(P)   Fa0/20(P)

23     Po23(RU)      -           Fa0/23(P)   Fa0/24(P)

24     Po24(SU)      PAgP        Fa0/21(P)   Fa0/22(P)

On SW-3

SW-3#Ping 10.1.23.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.23.2, timeout is 2 seconds:






Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms



Task 10 

Erase the startup configuration and vlan.dat before proceeding to the next lab 










Lab 3

Basic 3560 Configuration I






Task 1 




Shutdown ports F0/21 - F0/24 on Switch 1 and 2.






On Both Switches 








Switch(config)#int range F0/21 -24

Switch(config-if-range)#Shut








To verify the configuration: 






On Both Switches 




Switch#Show int status

Port      Name    Status       Vlan   Duplex  Speed  Type
Fa0/1             connected    1      auto    auto   10/100BaseTX
Fa0/2             connected    1      auto    auto   10/100BaseTX
Fa0/3             connected    1      a-full  a-100  10/100BaseTX
Fa0/4             connected    1      a-full  a-100  10/100BaseTX
Fa0/5             connected    1      a-full  a-100  10/100BaseTX
Fa0/6             connected    1      a-full  a-100  10/100BaseTX
Fa0/7             notconnect   1      auto    auto   10/100BaseTX
Fa0/8             notconnect   1      auto    auto   10/100BaseTX
Fa0/9             notconnect   1      auto    auto   10/100BaseTX
Fa0/10            connected    1      a-full  a-100  10/100BaseTX
Fa0/11            notconnect   1      auto    auto   10/100BaseTX
Fa0/12            notconnect   1      auto    auto   10/100BaseTX
Fa0/13            notconnect   1      auto    auto   10/100BaseTX
Fa0/14            notconnect   1      auto    auto   10/100BaseTX
Fa0/15            notconnect   1      auto    auto   10/100BaseTX
Fa0/16            notconnect   1      auto    auto   10/100BaseTX
Fa0/17            notconnect   1      auto    auto   10/100BaseTX
Fa0/18            notconnect   1      auto    auto   10/100BaseTX
Fa0/19            connected    1      a-full  a-100  10/100BaseTX
Fa0/20            connected    1      a-full  a-100  10/100BaseTX
Fa0/21            disabled     1      auto    auto   10/100BaseTX
Fa0/22            disabled     1      auto    auto   10/100BaseTX











Fa0/23            disabled     1      auto    auto   10/100BaseTX
Fa0/24            disabled     1      auto    auto   10/100BaseTX
(The rest of the output is omitted)





Task 2 

Configure the first Switch to be in VTP domain called CCIE, this information should be 
propagated to Switch 2 via VTP messages. You can use any encapsulation or tagging to 
accomplish this task. 



Before assigning a VTP domain name, there must be a trunk established between the 
two switches so the configurations will be propagated to the other switch. 

On both switches

Switch#show interface trunk

Switch#

Note the two 3560 switches are connected with 2 crossover Ethernet cables. If these
switches were 3550s, the two ports would have negotiated an ISL trunk; they
would show up as "n-isl", because by default the ports are configured in desirable
mode. With 3560 switches, the ports are not in desirable mode; a "show int f0/19
switchport" will reveal that by default the ports are configured in "Auto" mode (the
Administrative Mode), and therefore the ports must be configured statically to trunk
or negotiate a trunk.

On Both switches:

Switch#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Fas 0/20          178          S I       WS-C3560-2Fas 0/20
Switch           Fas 0/19          177          S I       WS-C3560-2Fas 0/19



Note the "Show cdp neighbors" command reveals the ports connecting the two switches. 

The output may be different depending on the ports of the routers connecting to these 
switches: in this case the ports on the routers are in Shutdown mode. 






On Both switches:

Switch(config)#int range f0/19-20

Switch(config-if-range)#switchport trunk encapsulation isl
Switch(config-if-range)#switchport mode trunk

To verify the configuration:

On the first switch:

Switch#show int trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa0/19    on           isl            trunking      1
Fa0/20    on           isl            trunking      1

Port      Vlans allowed on trunk
Fa0/19    1-4094
Fa0/20    1-4094

Port      Vlans allowed and active in management domain
Fa0/19    1
Fa0/20    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1
Fa0/20    none

Now that the trunk is established between the two switches, the VTP
configuration will be propagated via VTP messages:

On the first switch 

Switch(config)#VTP domain CCIE 

By default the 3560 switches are members of a domain called NULL; therefore, after
entering the above command, you will get the following message unless the switch was
a member of another domain:

Changing VTP domain name from NULL to CCIE

This task could also be accomplished within the "VLAN database" as follows: 






Switch#Vlan database
Switch(vlan)#Vtp domain CCIE
Switch(vlan)#Exit

When any configuration is performed in the Vlan database, you must enter the
"exit" or the "apply" command for the changes to take effect.



Note the output of the following show command reveals that VTP propagated the VTP 
domain information to the second switch: 

On the second switch: 

Switch#sh vtp status

VTP Version                     : 2
Configuration Revision          :
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)



Task 3 

This VTP domain should be password protected using "Cisco" as the password. 



On both switches 

Switch(config)#VTP password Cisco

You should get the following message: 

Setting device VLAN database password to Cisco 

Note, if a domain name is not assigned to the switches and the default name of
"NULL" is used, a password can not be assigned.

The "VTP password" command can be entered in global configuration mode,
privilege configuration mode or in the VLAN database mode.

The password command must be configured statically on both switches because this
change will NOT get propagated via VTP messages.

To verify the configuration: 



On the First switch

Switch#show vtp status

VTP Version                     : 2
Configuration Revision          :
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server      <- The mode is server by default
VTP Domain Name                 : CCIE        <- The domain name
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x14 0x7D 0x15 0x09 0xDC 0x39 0x65 0xC2
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

VTP password can be changed in three ways: 

Privilege mode: 

Switch#vtp password Cisco 

Vlan Database: 

Vlan database 
Vtp password Cisco 
Exit 

Global config mode: 

Switch(config)#vtp password Cisco 

On the Second switch 

Switch#Show vtp status














VTP Version                     : 2
Configuration Revision          :
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server      <- The mode is server by default
VTP Domain Name                 : CCIE        <- The domain name
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

On any of the switches:

Switch#Show VTP password        <- This verifies the password; remember,
                                   spaces will not show
VTP Password: Cisco




Task 4 

The first Catalyst switch should be configured with a hostname of Cat-1 and the second
Catalyst should have a hostname of Cat-2.

On the first Switch

Switch(config)#Hostname Cat-1

On the Second Switch

Switch(config)#Hostname Cat-2






Task 5 

Cat-2 should NOT have the ability to create, delete or rename VLAN or any VLAN
information.




On Cat-2

Cat-2(config)#Vtp mode client

This configuration can be performed in the vlan database or global config mode.
The above command displays the command as it was entered in the global config
mode. If you are asked to enter the command in the vlan database, you must first
enter the "vtp database" command in the privilege mode, then enter "vtp client",
and lastly the "exit" command is entered so the changes can take effect.

Once the command is entered you should get the following message: 

Setting device to VTP CLIENT mode. 

VTP Modes: 

The switches can operate in three VTP modes and they are as follows:

> SERVER - The switch is able to delete, create, or rename VLAN
information. Catalyst 3560 in server mode participates in the VTP
domain and propagates the VLAN information.

> CLIENT - In this mode the switch is able to receive and process the
VTP messages, but it is not able to create, delete, or rename
VLAN information. It can assign a port to a given VLAN that
already exists. Catalyst 3560 in client mode participates in the VTP
domain and propagates the VTP messages.

> Transparent - In this mode the switch is able to create, delete and
modify the VLAN information but it will not propagate its VLAN
information to other switches. Catalyst 3560 switches in this mode do
NOT participate in VTP domain. A Catalyst 3560 switch must be in
this mode in order to create the extended-range VLANs (1006 - 4094);
this configuration can only be performed in the global config mode
and NOT in the Vlan database.



Task 6 

Create and configure the following VLAN assignments on the switches: 






Router Interface    VLAN number    CAT Switches Port
R1 - F0/0           12             Cat-1 F0/1
R2 - F0/0           12             Cat-1 F0/2
R3 - F0/0           34             Cat-1 F0/3
R4 - F0/0           34             Cat-1 F0/4
R5 - F0/0           56             Cat-1 F0/5
R6 - F0/0           56             Cat-1 F0/6



On Cat-1 




Cat-1(config)#interface range f0/1 - 2
Cat-1(config-if)#switch mode access
Cat-1(config-if)#switch access vlan 12

Cat-1(config)#interface range f0/3 - 4
Cat-1(config-if)#switch mode access
Cat-1(config-if)#switch access vlan 34

Cat-1(config)#interface range F0/5 - 6
Cat-1(config-if)#switch mode access
Cat-1(config-if)#switch access vlan 56


Note the Vlan information will be propagated to the other switch (Cat-2), 
because both switches are in the same VTP domain and they are both 
configured with the same password. 


On Cat-2 




Cat-2#Show vlan brie | Exc unsup

VLAN Name        Status    Ports
1    default     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                           Fa0/5, Fa0/6, Fa0/7, Fa0/8
                           Fa0/9, Fa0/10, Fa0/11, Fa0/12
                           Fa0/13, Fa0/14, Fa0/15, Fa0/16
                           Fa0/17, Fa0/18, Fa0/23, Fa0/24
                           Gi0/1, Gi0/2
12   VLAN0012    active
34   VLAN0034    active
56   VLAN0056    active








Cat-2#Show VTP Status

VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 0.0.0.0 at 3-1-93 00:06:1
Local updater ID is 0.0.0.0 (no valid interface found)


On Cat-1

Cat-1#Show VTP Status

VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 0.0.0.0 at 3-1-93 00:06:1
Local updater ID is 0.0.0.0 (no valid interface found)


Note, the VTP version is 2, Configuration revision is 3, number of existing
VLANs is 8 on both switches (because they are synchronized), and the reason
the VLAN information was propagated is because the VTP domain name and
the password is identical on both switches and the switches are trunked.
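The comparison made in the note above can be automated. The following Python is an added example, not part of the workbook: it parses "show vtp status" output from two switches and reports which fields keep them out of sync. The sample outputs are constructed from the values shown on this page (the STALE one is a constructed failure case), and the function names are hypothetical.

```python
import re

# Fields of interest in the VTP v1/v2 "show vtp status" layout shown on this page.
FIELDS = {
    "Configuration Revision": "revision",
    "Number of existing VLANs": "vlans",
    "VTP Operating Mode": "mode",
    "VTP Domain Name": "domain",
    "MD5 digest": "digest",
}

def parse_vtp_status(text):
    """Return a dict of the fields above; a field that is absent or empty is None."""
    status = dict.fromkeys(FIELDS.values())
    lines = text.splitlines()
    for i, line in enumerate(lines):
        key, sep, value = line.partition(":")
        name = FIELDS.get(key.strip())
        if not sep or name is None:
            continue
        value = value.strip()
        if name == "digest":
            # The eight octets may wrap onto a continuation line.
            if i + 1 < len(lines) and re.fullmatch(r"\s*(0x[0-9A-Fa-f]{2}\s*)+", lines[i + 1]):
                value += " " + lines[i + 1].strip()
            octets = re.findall(r"0x([0-9A-Fa-f]{2})", value)
            status[name] = bytes(int(o, 16) for o in octets) or None
        elif name in ("revision", "vlans"):
            status[name] = int(value) if value.isdigit() else None
        else:
            status[name] = value or None
    return status

def compare_vtp(name_a, a, name_b, b):
    """List the reasons two switches are not synchronized; an empty list means in sync."""
    findings = []
    for name, st in ((name_a, a), (name_b, b)):
        if st["domain"] is None:
            findings.append(f"{name}: no VTP domain name set (default NULL domain)")
    if a["domain"] != b["domain"]:
        findings.append(f"domain differs: {a['domain']!r} vs {b['domain']!r}")
    if a["digest"] != b["digest"]:
        findings.append("MD5 digest differs: VTP password or VLAN database is not the same")
    if a["revision"] != b["revision"]:
        findings.append(f"revision differs: {a['revision']} vs {b['revision']}")
    if a["vlans"] != b["vlans"]:
        findings.append(f"VLAN count differs: {a['vlans']} vs {b['vlans']}")
    return findings

# Constructed sample: Cat-1 after Task 6, with the digest wrapped over two lines.
CAT1 = """\
VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC
                                  0x1D
Local updater ID is 0.0.0.0 (no valid interface found)
"""
CAT2 = CAT1.replace("Server", "Client")

# Constructed failure case: a switch that never accepted the update
# (for example because its VTP password differs), so it still has 5 VLANs.
STALE = """\
Configuration Revision          : 0
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
"""

if __name__ == "__main__":
    cat1 = parse_vtp_status(CAT1)
    print(compare_vtp("Cat-1", cat1, "Cat-2", parse_vtp_status(CAT2)))
    for finding in compare_vtp("Cat-1", cat1, "Sw-X", parse_vtp_status(STALE)):
        print(finding)
```

A digest mismatch with an identical domain name is the signature of a password (or VLAN database) difference, which is why Task 3 configures the password on both switches by hand.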






Task 7 

Configure Loopback 0 and Loopback 1 interfaces on Cat-1, use the IP address of 1.1.1.1
/8 and 11.1.1.1 /8 respectively and ensure that ONLY the IP address of Loopback 1
interface is used as the preferred source for the VTP IP updater address.



Note in the previous Task when the "show vtp status" command was entered on
Cat-1, the last line of the output displayed "no valid interface found".
Catalyst switches will use the IP address of the lowest physical interface number;
if one does not exist, then the loopback interface will be used as the source of all
VTP messages, but this behavior can be changed by using the "VTP interface
Loopback 1" global config command.

On Cat-1 



Cat-1(config)#Interface Loopback 0

Cat-1(config-if)#Ip address 1.1.1.1 255.0.0.0

Cat-1(config)#Interface Loopback 1

Cat-1(config-if)#Ip address 11.1.1.1 255.0.0.0

Cat-1#Show vtp status

VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 0.0.0.0 at 3-1-93 00:06:11
Local updater ID is 1.1.1.1 on interface Lo0 (first layer3 interface found)

Note Loopback 0 is used as the source of all VTP messages. Enter the following
command to change the source to Loopback 1 interface:

Cat-1(config)#Vtp interface Loopback1 ONLY

Note the "ONLY" argument makes this interface mandatory. YOU MUST
TYPE LOOPBACK1 OR LO1, OR ELSE IT WILL NOT WORK, the IOS will
take L1 but it WILL NOT WORK.






To verify the configuration: 

On Cat-1 

Cat-1#Show vtp status

VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Server
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 0.0.0.0 at 3-1-93 00:18:54
Local updater ID is 11.1.1.1 on interface Lo1 (preferred interface)
Preferred interface name is loopback1 (mandatory)

On Cat-2

Cat-2#Show vtp status

VTP Version                     : 2
Configuration Revision          : 3
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 0.0.0.0 at 3-1-93 00:22:29

Note this change has not been propagated; therefore, to force the propagation of
this change, a VLAN is created, in this case VLAN 80, so you can see that the
change was made by the Loopback 1 interface with an IP address of 11.1.1.1 on
Cat-2. This VLAN should be deleted before proceeding to the next task.

On Cat-1 






Cat-1(config)#Vlan 80

Cat-1(config-vlan)#Exit

To verify the configuration:

On Cat-2

Cat-2#Show vtp status

VTP Version                     : 2
Configuration Revision          : 4
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 9
VTP Operating Mode              : Client
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x02 0x05 cm: 0x34 0xF0 0xC0 0x35 0x9D
Configuration last modified by 11.1.1.1 at 3-1-93 00:34:33

On Cat-1

Cat-1(config)#No vlan 80









Task 8 

Re-configure the trunk between the two switches such that none of these switches use 
DTP to negotiate this trunk. 



On Both Switches 

(config)#interface range F0/19-20
(config-if-range)#Switchport nonegotiatc 

Note the ports must be in trunk mode before the "nonegotiate" command is entered, 
or else the following error message will be received: 

Command rejected: Conflict between 'nonegotiate' and 'dynamic' status. 






A port can be configured as follows:

Static Access - This port can belong to ONLY one VLAN, and it's manually
assigned to a given VLAN.

Trunk - A trunk port by default is a member of all normal range VLANs 1-1005 (but
note that VLANs 1, 1002 - 1005 are automatically created and can not be removed,
only 2 to 1001 can be manually created, these VLANs are kept in the VLAN.DAT).

This also includes the extended-range VLANs (1006 - 4094), and this membership
can be limited by configuring the "allowed-vlan" command. This port can be
encapsulated by ISL or tagged by 802.1q.

Dynamic Access - A dynamic access port can only be a member of one normal
VLAN, and these ports are dynamically assigned to a given VLAN by a VMPS.

Voice VLAN - This is an access port connected to an IP phone such as Cisco's 7960,
and this VLAN is used for Voice traffic.

Dot1q-Tunnel - These are tunnel ports and are used for 802.1q tunneling to
maintain customer VLAN integrity across a service provider's network. A tunnel
port is configured on an edge switch in the service provider's network and it's
connected to an 802.1q trunk port on a customer switch's interface; a tunnel port
belongs to a single VLAN that is dedicated to tunneling.

To verify the configuration:

On Cat-1 

Cat-1#Sh interfaces f0/19 switchport

Name: Fa0/19
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off
(The rest of the output is omitted)

Cat-1#Sh interfaces f0/20 switchport

Name: Fa0/20






Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: isl
Operational Trunking Encapsulation: isl
Negotiation of Trunking: Off
(The rest of the output is omitted)



Task 9 

Configure the switches such that flooded traffic is restricted to the trunk links that the
traffic must use to reach the destination device.



To see the default setting: 














On Cat-2

Cat-2#Show vtp status

VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Disabled    <- Pruning is disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 11.1.1.1 at 3-1-93 00:12:48








Note VTP Pruning is disabled by default, enter the following command to enable
VTP pruning:

On Cat-1

Cat-1#Vtp pruning














This command can be configured in privilege mode, Global config mode, and/or in
the Vlan database. Once this feature is enabled it will get propagated to the other
switches within the VTP domain.

To verify the configuration on both switches: 

On Cat-2 

Cat-2#Show vtp status

VTP Version                     : 2
Configuration Revision          : 5
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 8
VTP Operating Mode              : Client
VTP Domain Name                 : CCIE
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x97 0x9D 0xF1 0xF9 0xFE 0x21 0xCC 0x1D
Configuration last modified by 11.1.1.1 at 3-1-93 00:12:48

Note VTP messages propagate the change through the entire VTP domain.



Task 10 

Configure Cat-1 and Cat-2 such that only the trunk ports (F0/19 and F0/20) and the ports
that routers R1 to R6 are connected to are in use; the rest of the ports should be configured
in administratively down state.

On Both Switches:

(config)#Int range f0/7-18 , F0/23-24
(config-if-range)#Shut



To verify the configuration: 



On Cat-1 



Cat-1#Show inter status | Inc disabled

Fa0/7             disabled     1      auto    auto   10/100BaseTX






Fa0/8             disabled     1      auto    auto   10/100BaseTX
Fa0/9             disabled     1      auto    auto   10/100BaseTX
Fa0/10            disabled     1      auto    auto   10/100BaseTX
Fa0/11            disabled     1      auto    auto   10/100BaseTX
Fa0/12            disabled     1      auto    auto   10/100BaseTX
Fa0/13            disabled     1      auto    auto   10/100BaseTX
Fa0/14            disabled     1      auto    auto   10/100BaseTX
Fa0/15            disabled     1      auto    auto   10/100BaseTX
Fa0/16            disabled     1      auto    auto   10/100BaseTX
Fa0/17            disabled     1      auto    auto   10/100BaseTX
Fa0/18            disabled     1      auto    auto   10/100BaseTX
Fa0/21            disabled     1      auto    auto   10/100BaseTX
Fa0/22            disabled     1      auto    auto   10/100BaseTX
Fa0/23            disabled     1      auto    auto   10/100BaseTX
Fa0/24            disabled     1      auto    auto   10/100BaseTX



Task 11

Ensure that Cat-1 is the root bridge for the VLANs 12, 34 and Cat-2 is the root bridge for
VLAN 56. Do NOT use the "priority" command to accomplish this task.



There are two commands that can be used to display the BID for a given switch:

> Show version

> Show spanning-tree bridge

On Cat-1

Cat-1#Show version | Inc Base

Base ethernet MAC Address       : 00:1B:D4:59:A6:00

The following command reveals the base MAC address of the switch: The BID is a
combination of priority and the base MAC address.








Cat-1#Show spanning-tree bridge

                                                   Hello  Max  Fwd
Vlan         Bridge ID                             Time   Age  Dly  Protocol
VLAN0001     32769 (32768,   1) 001b.d459.a600       2    20   15   ieee
VLAN0012     32780 (32768,  12) 001b.d459.a600       2    20   15   ieee






VLAN0034     32802 (32768,  34) 001b.d459.a600       2    20   15   ieee
VLAN0056     32824 (32768,  56) 001b.d459.a600       2    20   15   ieee

Note the priority starts with 32768; each VLAN that is created adds its VLAN number to
the default priority value (if the base priority and the VLAN number within the
parentheses are added, the sum will be the priority for that given VLAN). VLAN 12 adds 12 to the
default priority value, therefore the priority is 32780, and VLAN 34 adds 34 to the default
priority value, therefore the priority is 32802. Note that the MAC is the base MAC address
and it remains the same, in this case (001b.d459.a600).
Note your MAC address may be different.

Enter the following command to reveal the BID and the root bridge for a given VLAN:

On Cat-1 

Cat-1#Show spanning-tree vlan 12

VLAN0012
  Spanning tree enabled protocol ieee
  Root ID    Priority    32780
             Address     0011.bbeb.8780     <- The MAC address of the root bridge
             Cost        19
             Port        21 (FastEthernet0/19)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32780  (priority 32768 sys-id-ext 12)
             Address     001b.d459.a600     <- The MAC address of the local switch
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface   Role Sts Cost  Prio.Nbr Type
Fa0/19      Root FWD 19    128.21   P2p
Fa0/20      Altn BLK 19    128.22   P2p

Enter the following commands to configure Cat-1 to be the root bridge for VLANs 12 and 
34: 

On Cat-1 

Cat-1(config)#Spanning-tree vlan 12,34 root primary

The above command configures Cat-1 to be the root for VLANs 12 and 34; the "root"
keyword is a macro that reduces the BID of the switch for a given VLAN by a value of 8192
(the lower value is the preferred value). There are no spaces between the 12 and the comma
and the 34.
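The arithmetic behind the bridge IDs in this task, as an added Python example that is not part of the workbook: it computes the per-VLAN priority (base plus VLAN number), elects the root by lowest bridge ID, and applies the "root primary" macro as this page describes it (base priority lowered by 8192). The MAC addresses are the two shown in this lab's outputs; the function names are hypothetical.

```python
DEFAULT_BASE = 32768   # default bridge priority
STEP = 4096            # with the extended system ID, the base moves in steps of 4096

def bridge_priority(base, vlan):
    """Priority shown by 'show spanning-tree': configured base plus sys-id-ext (the VLAN)."""
    if base % STEP or not 0 <= base <= 61440:
        raise ValueError("base priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be in the range 1-4094")
    return base + vlan

def parse_mac(dotted):
    """'001b.d459.a600' -> 48-bit integer, so that MAC addresses compare numerically."""
    return int(dotted.replace(".", ""), 16)

def bridge_id(base, vlan, mac):
    """The BID as a sortable tuple: priority first, base MAC as the tie-breaker."""
    return (bridge_priority(base, vlan), parse_mac(mac))

def lab_switches():
    """The two switches of this lab; 'base' holds per-VLAN overrides of the default."""
    return {
        "Cat-1": {"mac": "001b.d459.a600", "base": {}},
        "Cat-2": {"mac": "0011.bbeb.8780", "base": {}},
    }

def elect_root(switches, vlan):
    """Return the name of the switch with the lowest BID for this VLAN."""
    def bid(name):
        sw = switches[name]
        return bridge_id(sw["base"].get(vlan, DEFAULT_BASE), vlan, sw["mac"])
    return min(switches, key=bid)

def root_primary(switches, name, vlans):
    """Model of the macro as described on this page: lower the base priority by 8192."""
    for vlan in vlans:
        current = switches[name]["base"].get(vlan, DEFAULT_BASE)
        switches[name]["base"][vlan] = current - 8192

if __name__ == "__main__":
    lab = lab_switches()
    # With default priorities every VLAN ties on priority, so the lower MAC wins.
    for vlan in (12, 34, 56):
        print("before:", vlan, elect_root(lab, vlan))
    root_primary(lab, "Cat-1", [12, 34])
    root_primary(lab, "Cat-2", [56])
    for vlan in (12, 34, 56):
        winner = elect_root(lab, vlan)
        sw = lab[winner]
        print("after:", vlan, winner, bridge_priority(sw["base"][vlan], vlan))
```

With default priorities Cat-2 is root for every VLAN purely because its MAC address is lower, which is what the "show spanning-tree vlan 12" output taken on Cat-1 before the change shows.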

Cat-1#Show spanning-tree vlan 12

VLAN0012                                    <- Note 32768+12-8192 = 24588
  Spanning tree enabled protocol ieee
  Root ID    Priority    24588
             Address     001b.d459.a600
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24588  (priority 24576 sys-id-ext 12)
             Address     001b.d459.a600
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface   Role Sts Cost  Prio.Nbr Type
Fa0/19      Desg FWD 19    128.21   P2p
Fa0/20      Desg FWD 19    128.22   P2p

On Cat-2

Cat-2(config)#Spanning-tree vlan 56 root primary

To verify the configuration:

On Cat-2

Cat-2#Show spanning vlan 56

VLAN0056
  Spanning tree enabled protocol ieee
  Root ID    Priority    24632
             Address     0011.bbeb.8780
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24632  (priority 24576 sys-id-ext 56)
             Address     0011.bbeb.8780
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300






Interface   Role Sts Cost  Prio.Nbr Type
Fa0/19      Desg FWD 19    128.21   P2p
Fa0/20      Desg FWD 19    128.22   P2p



Task 12 

Cat-1 should be configured such that the ports that routers R1 to R6 are connected to will
bypass listening and learning state. If any of these ports receive BPDU packets, they
should transition into errdisable state. Use minimum number of commands to accomplish
this task. This configuration should only be applied to the ports that the routers R1 - R6
are connected to as well as any future port that has this feature enabled.



On Cat-1 

Cat-1(config)#Spanning-tree portfast bpduguard default

Cat-1(config)#Interface range F0/1 - 6
Cat-1(config-if)#Spanning-tree portfast

Once the "Spanning-tree portfast" command is entered you should see the following
warning message:

%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this interface when
portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast will be configured in 6 interfaces due to the range command
but will only have effect when the interfaces are in a non-trunking mode.

The "spanning-tree portfast bpduguard default" command in global config mode
will shut the port down in err-disable mode if any portfast enabled port receives
BPDU packets.
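The settings from Task 8 (no DTP on trunks), Task 10 (unused ports shut down) and Task 12 (BPDU guard on portfast ports) can be checked against a saved configuration. The following Python is an added example, not part of the workbook: it audits an IOS-style running-config for those three points. The sample configuration is constructed, the function names are hypothetical, and the audit assumes that a port with no "switchport mode" line is in its default dynamic mode, as the Task 2 note describes for the 3560.

```python
def parse_interfaces(config):
    """Split a running-config into (global lines, {interface name: [sub-commands]})."""
    globals_, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None                      # "!" closes the interface stanza
        elif raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            ifaces[current] = []
        elif raw[0].isspace() and current is not None:
            ifaces[current].append(line)        # indented line belongs to the stanza
        else:
            current = None
            globals_.append(line)
    return globals_, ifaces

def audit(config, in_use):
    """Return (interface, finding) pairs; in_use is the set of ports that should be up."""
    globals_, ifaces = parse_interfaces(config)
    guard_default = "spanning-tree portfast bpduguard default" in globals_
    findings = []
    for name, cmds in ifaces.items():
        if "shutdown" in cmds:
            continue                            # administratively down
        if name not in in_use:
            findings.append((name, "unused port is not shut down"))
            continue
        if "no switchport" in cmds:
            continue                            # routed port: DTP and portfast do not apply
        trunk = "switchport mode trunk" in cmds
        access = "switchport mode access" in cmds
        if not (trunk or access):
            findings.append((name, "left in dynamic mode, DTP can negotiate a trunk"))
        if trunk and "switchport nonegotiate" not in cmds:
            findings.append((name, "static trunk still sends DTP frames"))
        if "spanning-tree portfast" in cmds and not (
                guard_default or "spanning-tree bpduguard enable" in cmds):
            findings.append((name, "portfast without BPDU guard"))
    return findings

# Constructed sample: one router port, one forgotten port, two trunks, one shut port.
SAMPLE = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 switchport access vlan 12
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
!
interface FastEthernet0/19
 switchport trunk encapsulation isl
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/20
 switchport trunk encapsulation isl
 switchport mode trunk
!
interface FastEthernet0/23
 shutdown
!
"""
IN_USE = {"FastEthernet0/1", "FastEthernet0/19", "FastEthernet0/20"}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, IN_USE):
        print(f"{name}: {finding}")
```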

To verify the configuration: 



On Cat-1 



Cat-1#Sh spanning-tree interface f0/1 portfast



COE R&*> by NarMk Kueharians Advanced CCIE R&S Work Book 2.0 Page 102 of 1068 

C 2009 \»rbik Koch* runs. All rijjhu raerved 



VLAN0012 enabled 

Note if the output of the above show command states "no spanning tree info 
available for FastEthernelO/1", it only means that the FO'U interface of Rl is in 

Shutdov>n mode. 

To test the configuration: 

On SW2 

Cat-2(config)#spanning-tree portfast bpduguard default

Cat-2(config)#int f0/23
Cat-2(config-if)#swi mode acc
Cat-2(config-if)#spanning-tree portfast
Cat-2(config-if)#No shut

Note if the F0/23 interface of Switch 3 is enabled, it will generate BPDUs and because
of this configuration, F0/23 interface of SW-2 will transition into err-disable mode,
as follows:

On Switch 3

Switch(config)#int f0/23
Switch(config-if)#No shut

On Cat-2

You should see the following messages:

%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/23
with BPDU Guard enabled. Disabling port.

%PM-4-ERR_DISABLE: bpduguard error detected on Fa0/23, putting Fa0/23 in err-disable
state

To verify that interface f0/23 is in err-disable mode:

On Cat-2

Cat-2#Sh inter f0/23 status

Port      Name  Status        Vlan  Duplex  Speed  Type
Fa0/23          err-disabled  1     auto    auto   10/100BaseTX






To change the configuration back: 

On Cat-2 

Cat-2(config)#No spanning-tree portfast bpduguard default

Cat-2(config)#int f0/23

Cat-2(config-if)#Shut

Cat-2(config-if)#NO spanning-tree portfast
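The two console messages from the BPDU Guard test can be correlated on a syslog collector to confirm that a port which received a BPDU was actually shut down. The following is an added example, not part of the workbook: the function names are hypothetical, and the sample log is constructed around the two message formats shown above (timestamps and the additional ports are made up).

```python
import re

# Constructed sample log. The BLOCK_BPDUGUARD and ERR_DISABLE lines follow the
# two messages quoted in the lab; timestamps and the other ports are made up.
SAMPLE_LOG = """\
00:12:01: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to up
00:12:02: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/23 with BPDU Guard enabled. Disabling port.
00:12:02: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/23, putting Fa0/23 in err-disable state
00:15:40: %PM-4-ERR_DISABLE: link-flap error detected on Fa0/7, putting Fa0/7 in err-disable state
00:20:11: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet0/3 with BPDU Guard enabled. Disabling port.
"""

BLOCK_RE = re.compile(
    r"%SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port (\S+) "
    r"with BPDU Guard enabled"
)
ERRDIS_RE = re.compile(
    r"%PM-4-ERR_DISABLE: (\S+) error detected on (\S+), "
    r"putting \S+ in err-disable state"
)

# The two messages name the same port differently (FastEthernet0/23 vs Fa0/23).
_ABBREV = (("FastEthernet", "Fa"), ("GigabitEthernet", "Gi"))


def short_name(ifname):
    """Normalise a long interface name to the short form used by ERR_DISABLE."""
    for long_form, short_form in _ABBREV:
        if ifname.startswith(long_form):
            return short_form + ifname[len(long_form):]
    return ifname


def bpduguard_report(log_text):
    """Correlate BPDU Guard hits with err-disable events.

    Returns (report, other):
      report maps port -> "err-disabled"   (BPDU logged and shutdown logged),
                          "bpdu-seen-only" (BPDU logged, no shutdown logged),
                          "shutdown-only"  (bpduguard shutdown without the BPDU line)
      other  lists (port, cause) for err-disable events with a different cause.
    """
    bpdu_seen, shut, other = set(), set(), []
    for line in log_text.splitlines():
        match = BLOCK_RE.search(line)
        if match:
            bpdu_seen.add(short_name(match.group(1)))
            continue
        match = ERRDIS_RE.search(line)
        if match:
            cause, port = match.group(1), short_name(match.group(2))
            if cause == "bpduguard":
                shut.add(port)
            else:
                other.append((port, cause))

    report = {}
    for port in sorted(bpdu_seen | shut):
        if port in bpdu_seen and port in shut:
            report[port] = "err-disabled"
        elif port in bpdu_seen:
            report[port] = "bpdu-seen-only"
        else:
            report[port] = "shutdown-only"
    return report, other


if __name__ == "__main__":
    ports, unrelated = bpduguard_report(SAMPLE_LOG)
    for port, status in ports.items():
        print(port, status)
    for port, cause in unrelated:
        print(port, "err-disabled for another reason:", cause)
```

A port reported as "bpdu-seen-only" is worth checking with the "show interface status" command used above, since the matching err-disable message may simply be missing from the collected log.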



Task 13 

Cat-2 should be configured such that the ports that routers R1 to R6 are connected (F0/1 -
F0/6) will bypass listening and learning state. If any of these ports receive BPDU packets,
they should no longer bypass their listening and learning state. This configuration should
apply to existing and future ports that are configured as portfast.



On Cat-2 

Cat-2(config)#Spanning-tree portfast bpdufilter default

Cat-2(config)#Interface range F0/1 - 6
Cat-2(config-if)#Spanning-tree portfast

When BPDU Filter is enabled globally, it applies to all portfast enabled interfaces.
If any portfast enabled interface receives BPDUs, it will no longer bypass the listening
and learning states, which means that it will lose its portfast state.



Task 14 

You received a request from the IT department to monitor and analyze all the packets
sent and received by the host connected to port F0/14 on Cat-1; you have connected the
packet analyzer to port F0/15 on the same switch. Configure the switch to accommodate
this request.



On Cat-1 



Cat-1(config)#monitor session 1 source interface F0/14 both
Cat-1(config)#monitor session 1 destination interface F0/15

Note the following:

> There can only be two monitor sessions configured on a given switch.

> The direction to monitor can be configured as Rx, Tx, or Both. Rx is
for received traffic, Tx is for transmitted traffic, and Both is in both
directions. Both is the default direction.

> To verify, enter the "Show monitor session 1" command.

To verify the configuration:



On Cat-1 



Cat-1#Show monitor session 1

Session 1

Type              : Local Session
Source Ports      :
    Both          : Fa0/14
Destination Ports : Fa0/15
    Encapsulation : Native
          Ingress : Disabled



Task 15 

You received another request from your IT department to keep track of all the MAC
addresses that are learned by Cat-2 port F0/18. The switch must use the NMS located at
192.168.1.1/24; this switch should send a community string of "Private" with the
notification operation. You should use an IP address of 2.2.2.2/8 to accomplish this task.



On Cat-2 

Cat-2(config)#Snmp-server host 192.168.1.1 traps Private

%IP_SNMP-3-SOCKET: can't open UDP socket

Unable to open socket on port 161

Note since this switch is not configured with an IP address, it will fail to configure
the SNMP server. Therefore, an IP address should be configured before entering the
"snmp-server" command as follows:

Cat-2(config)#Int lo0
Cat-2(config-if)#ip addr 2.2.2.2 255.0.0.0

The following command identifies the NMS and sends a community string of Private
with the notification operation.

Cat-2(config)#snmp-server host 192.168.1.1 traps Private

The following command configures the switch to send mac-address traps to the
NMS:

Cat-2(config)#snmp-server enable traps mac-notification

Cat-2(config)#Inter f0/18

Cat-2(config-if)#snmp trap mac-notification added

The above command enables the SNMP trap on interface F0/18 and configures the
switch to send MAC notification traps whenever a MAC address is added. If the
switch must be configured to report the MAC addresses that are learnt and expired,
then the "snmp trap mac-notification change removed" command must also be
configured.

To verify the configuration: 

On Cat-2 

Cat-2#Show mac-address-table notification inter f0/18

MAC Notification Feature is Disabled on the switch
Interface          MAC Added Trap  MAC Removed Trap
FastEthernet0/18   Enabled         Disabled

Note the mac-notification is disabled, the following command will enable the
mac-notification on the switch:

Cat-2(config)#mac address-table notification

To verify the configuration:

On Cat-2

Cat-2#Show mac-address-table notification interface F0/18

MAC Notification Feature is Enabled on the switch
Interface          MAC Added Trap  MAC Removed Trap
FastEthernet0/18   Enabled         Disabled



Task 16 

Configure Cat-2's port F0/14 to limit the amount of bandwidth utilization for broadcast
traffic to 50%.



On Cat-2 

Cat-2(config)#Interface F0/14
Cat-2(config-if)#Storm-control broadcast level 50.00

Storm-control can be used for Broadcast, Unicast and Multicast traffic. This
command specifies the traffic suppression level for a given type of traffic for a
particular interface. The level can be from 0 to 100 and an optional fraction of a
level can also be configured from 0 - 99. A threshold value of 100 percent means
that no limit is placed for the specified type of traffic; a value of 0.0 means that the
particular type of traffic is blocked altogether.

On 3550 switches when the rate of Multicast traffic exceeds a predefined threshold,
all incoming traffic (Broadcast, Multicast and Unicast) is dropped until the level of
Multicast traffic is dropped below the threshold level. Once this occurs, only the
Spanning-tree packets are forwarded. When Broadcast or Unicast thresholds are
exceeded, traffic is blocked for only the type of traffic that exceeded the threshold.

To verify the configuration: 

On Cat-2 

Cat-2#Show storm-control f0/14 broadcast

Interface  Filter State  Upper    Lower    Current
Fa0/14     Forwarding    50.00%   50.00%   0.00%

If you get "Link Down" as Filter State, the port might be down.






Task 17 

MAC addresses learnt dynamically by these two switches should not stay in the MAC
address table if they are inactive for longer than 10 minutes.






By default the MAC addresses that are inactive will expire within 300 seconds. This
task is asking for a 10 minute threshold, and 10 minutes equates to 600 seconds. The
following command sets the idle timer to 10 minutes:

On Both Switches

(config)#Mac address-table aging-time 600

To verify the configuration:

On Both Switches

#Sh mac address-table aging-time
Vlan    Aging Time
1       600
12      600
34      600
56      600




Task 18

For management purposes, assign an IP address of 10.1.1.11/24 to Cat-1, with a default
gateway of 10.1.1.100/24.






On Cat-1

Cat-1(config)#Inter Vlan 1
Cat-1(config-if)#Ip address 10.1.1.11 255.255.255.0
Cat-1(config-if)#No shut
Cat-1(config)#Ip default-gateway 10.1.1.100

To verify the configuration:

On Cat-1

Cat-1#Sh ip interface vlan 1

Vlan1 is up, line protocol is up
Internet address is 10.1.1.11/24
Broadcast address is 255.255.255.255
Address determined by setup command
(The rest of the output is omitted)

Cat-1#Sh ip route

Default gateway is 10.1.1.100

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty



Task 19 

Configure routers R1 and R3 using the following IP addresses:

> R1 - F0/0 = 10.1.12.1/24

> R3 - F0/0 = 10.1.34.3/24

Configure Cat-1 to route between VLAN 12 and 34, use ping to verify the
communication. The gateway for VLAN 12 should be configured to be 10.1.12.100, and
the gateway for VLAN 34 should be configured to be 10.1.34.100.



On R1

R1(config)#Interface F0/0
R1(config-if)#Ip address 10.1.12.1 255.255.255.0
R1(config-if)#No shut
R1(config)#Ip route 0.0.0.0 0.0.0.0 10.1.12.100

On R3

R3(config)#Interface F0/0
R3(config-if)#Ip address 10.1.34.3 255.255.255.0
R3(config-if)#No shut
R3(config)#Ip route 0.0.0.0 0.0.0.0 10.1.34.100

On Cat-1

Cat-1(config)#Ip routing
Cat-1(config)#Interface Vlan 12
Cat-1(config-if)#Ip address 10.1.12.100 255.255.255.0
Cat-1(config)#Interface Vlan 34
Cat-1(config-if)#Ip address 10.1.34.100 255.255.255.0

A Switch Virtual Interface (SVI) represents a VLAN of switch ports as one
interface to the routing. Only one SVI can be associated with a VLAN. This is
necessary when configuring InterVlan routing.

When creating an SVI for a VLAN, the designated number must match the
VLAN number.

To verify the configuration: 
On R1

R1#Ping 10.1.34.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.34.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

On R3

R3#Ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Note By default, IP routing is disabled on the switch and if the "IP Routing"
command is NOT enabled on Cat-1, the communication between R1 and R3
can NOT occur.



Task 20 

Remove the configuration from the previous step and configure InterVlan routing
between VLANs 12 and 34. DO NOT use SVIs to accomplish this task. F0/1 interface of
any router can be used to accomplish this task. Use the IP addressing from the previous
task. Ensure to use an industry standard protocol/s to accomplish this task.



Since R5's F0/0 is part of VLAN 56, R5's F0/1 is used to accomplish this task.

On Cat-1

Cat-1(config)#NO Interface Vlan 12
Cat-1(config)#NO Interface Vlan 34

On Cat-2

Cat-2(config)#Interface F0/5
Cat-2(config-if)#Switchport trunk encap Dot1q
Cat-2(config-if)#Switchport mode trunk

On R5

R5(config)#Interface F0/1
R5(config-if)#No shut

R5(config)#Int f0/1.12
R5(config-if)#Encap dot1q 12
R5(config-if)#Ip address 10.1.12.100 255.255.255.0

R5(config)#Int f0/1.34
R5(config-if)#Encap dot1q 34
R5(config-if)#Ip address 10.1.34.100 255.255.255.0

To verify the configuration:

On R1 & R3

R1#Clear arp

On R1

R1#Ping 10.1.34.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.34.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

On R3

R3#Ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms



Task 21 

Configure Cat-1 such that whenever the switch learns or removes a MAC address on its
port F0/4, an SNMP notification is generated and sent to the NMS located at 192.168.1.1
with a community string of CAT1. Since there are many users coming and going from the
network, set up a trap interval time to bundle the notification traps and reduce network
traffic using the following parameters:

> The traps should be generated every 30 minutes.

> The trap should contain a maximum of 150 entries.



This feature enables us to track users on a network by storing the MAC address
activity on the switch. Once configured, every time a MAC address is learned
or removed an SNMP notification is generated and sent to the NMS. On a very
busy network when lots of users come and go, the default behavior is that an
SNMP trap is sent every second. Because this can consume bandwidth, there
are two parameters that can be configured to remedy this situation and they
are as follows:

> Mac address-table notification interval - This value specifies the
notification trap interval in seconds between each set of traps that are
generated to the NMS. Default value is one second, and the range is 0 -
2,147,483,647 seconds.

> Mac address-table notification history-size - Specifies the maximum
number of entries in the MAC notification history table. The default value is
1, and the range is 1 - 500 entries.

On Cat-1

Cat-1(config)#Snmp-server host 192.168.1.1 traps CAT1
Cat-1(config)#Snmp-server enable traps mac-notification
Cat-1(config)#Mac-address-table notification
Cat-1(config)#Mac-address-table notification interval 1800
Cat-1(config)#Mac-address-table notification history-size 150

Cat-1(config)#Int f0/4
Cat-1(config-if)#Snmp trap mac-notification added
Cat-1(config-if)#Snmp trap mac-notification removed

To verify the configuration: 



On Cat-1

Cat-1#Show mac-address-table notification interface f0/4

MAC Notification Feature is Enabled on the switch

Interface MAC Added Trap MAC Removed Trap

FastEthcrnctOTS Enabled Enabled 

Cat-1#Show mac-address-table notification

MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1800 secs
Number of MAC Addresses Added :
Number of MAC Addresses Removed :
Number of Notifications sent to NMS :
Maximum Number of entries configured in History Table : 150
Current History Table Length :
MAC Notification Traps are Enabled
History Table contents



To verify the configuration: 



On R4

R4(config)#int f0/0
R4(config-if)#IP address 4.4.4.4 255.0.0.0
R4(config-if)#no shut

R4#Ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 0 percent (0/5)

Note the purpose of the above configuration is to generate some traffic. The
following Show command reveals that one MAC address was learned and
added to the table.

On SW1

Cat-1#Sh mac-address-table notification

MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1800 secs
Number of MAC Addresses Added : 1
Number of MAC Addresses Removed :
Number of Notifications sent to NMS :
Maximum Number of entries configured in History Table : 150
Current History Table Length :
MAC Notification Traps are Enabled
History Table contents



On R4 



R4(config)#int f0/0
R4(config-if)#Shut

The output of the following show command reveals that one MAC address was
removed.

On Cat-1

Cat-1#Sh mac-address-table notification

MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1800 secs
Number of MAC Addresses Added : 1
Number of MAC Addresses Removed : 1
Number of Notifications sent to NMS :
Maximum Number of entries configured in History Table : 150
Current History Table Length :
MAC Notification Traps are Enabled
History Table contents








Task 22 

Optimize Cat-1 using the following policies:

Cat-1 should be configured such that its memory resources are optimized for routing.








Switch database management (SDM) templates can be configured to
allocate memory resources in the switch for a specific feature depending on what the
switch is used for in a given network.
A switch can be configured to use one of the following templates:

> Access - Used for QoS classification and Security.

> Routing - Used for routing.

> Vlan - Disables routing and sets the switch to be a layer 2 switch.

> Extended-match - Reformats routing memory space to allow 144-bit layer 3
TCAM support needed for WCCP and/or multiple VRF instances.

On Cat-1

Cat-1(config)#Sdm prefer routing

You must reboot for these settings to take effect.

Cat-1#WR




Cat-1#Reload

To verify the configuration after the reload:

On Cat-1

Cat-1#Show sdm prefer

The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  3K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    11K
  number of directly-connected IPv4 hosts:        3K
  number of indirect IPv4 routes:                 8K
number of IPv4 policy based routing aces:         512
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K




On Cat-2 






Cat-2#Sh sdm prefer

The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses:                  6K
number of IPv4 IGMP groups + multicast routes:    1K
number of IPv4 unicast routes:                    8K
  number of directly-connected IPv4 hosts:        6K
  number of indirect IPv4 routes:                 2K
number of IPv4 policy based routing aces:
number of IPv4/MAC qos aces:                      512
number of IPv4/MAC security aces:                 1K

Note, the difference in memory allocation is revealed if the buffer allocation of Cat-2
is compared to the Cat-1.



Task 23 

Create VLANs 30, 31 and 32 on Cat-1 and ensure that these VLANs can not traverse the 
trunk link between Cat- 1 and Cat-2. 



By default a trunk port sends and receives traffic from all VLANs, however, a given
VLAN or VLANs can be removed from the trunk link in order to prevent traffic from
that VLAN/s from traversing over the trunk.

On Cat-1 



Cat-1(config)#Vlan 30-32
Cat-1(config-vlan)#exit

Before configuring the task we have to check to see if the VLANs that we just created
can traverse the trunk link.

Cat-1#Show interface trunk

Port      Mode  Encapsulation  Status    Native vlan
Fa0/19    on    isl            trunking  1
Fa0/20    on    isl            trunking  1

Port      Vlans allowed on trunk
Fa0/19    1-4094
Fa0/20    1-4094

Port      Vlans allowed and active in management domain
Fa0/19    1,12,30-32,34,56
Fa0/20    1,12,30-32,34,56

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,12,34,56
Fa0/20    1



To remove those VLANs from the trunk links:

On Both Switches

(config)#Interface range f0/19-20
(config-if-range)#Switchport trunk allowed vlan except 30,31,32

Note if an EtherChannel was created, the command had to be configured directly
under the port-channel interface.

To Verify the configuration:

On Cat-1

Cat-1#Show int trunk

Port      Mode  Encapsulation  Status    Native vlan
Fa0/19    on    isl            trunking  1
Fa0/20    on    isl            trunking  1

Port      Vlans allowed on trunk
Fa0/19    1-29,33-4094   <-- Note VLANs 30 - 32 are removed from the trunk
Fa0/20    1-29,33-4094

Port      Vlans allowed and active in management domain
Fa0/19    1,12,34,56
Fa0/20    1,12,34,56

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,12,34,56
Fa0/20    1

Note the options that can be used with the "Switchport trunk allowed VLAN" command
are: Remove, add, all, and except.

The "Switchport trunk allowed vlan remove 30,31,32" command could accomplish the
same task.
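The four options behave differently once the allowed list has already been edited: "except" starts again from all VLANs, while "remove" and "add" modify the current list. The following added example (not workbook code; function names are hypothetical) models that behaviour and reproduces the "1-29,33-4094" and "1,12,34,56" lines of the output above. It also accepts a bare VLAN list, which IOS treats as a replacement of the allowed set.

```python
MIN_VLAN, MAX_VLAN = 1, 4094
ALL_VLANS = frozenset(range(MIN_VLAN, MAX_VLAN + 1))


def parse_vlans(spec):
    """Turn '30,31,32' or '30-32,40' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            raise ValueError("empty item in VLAN list: %r" % spec)
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not (MIN_VLAN <= low <= high <= MAX_VLAN):
            raise ValueError("VLAN range out of bounds: %r" % part)
        vlans.update(range(low, high + 1))
    return vlans


def render(vlans):
    """Format a VLAN set the way 'show interface trunk' prints it."""
    if not vlans:
        return "none"
    pieces = []
    start = prev = None
    for vlan in sorted(vlans):
        if start is None:
            start = prev = vlan
        elif vlan == prev + 1:
            prev = vlan
        else:
            pieces.append(str(start) if start == prev else "%d-%d" % (start, prev))
            start = prev = vlan
    pieces.append(str(start) if start == prev else "%d-%d" % (start, prev))
    return ",".join(pieces)


def apply_allowed(current, args):
    """Return the allowed set after 'switchport trunk allowed vlan <args>'.

    current is the allowed set before the command; args is everything after
    the word 'vlan', for example 'except 30,31,32'.
    """
    words = args.split(None, 1)
    if not words:
        raise ValueError("missing arguments")
    keyword = words[0].lower()
    rest = words[1] if len(words) > 1 else ""
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "except":
        # Ignores the current list: everything except the listed VLANs.
        return set(ALL_VLANS) - parse_vlans(rest)
    if keyword == "remove":
        return set(current) - parse_vlans(rest)
    if keyword == "add":
        return set(current) | parse_vlans(rest)
    # Bare list: replaces the allowed set outright.
    return parse_vlans(args)


def carried(allowed, active):
    """VLANs both allowed on the trunk and active on the switch."""
    return render(set(allowed) & set(active))


if __name__ == "__main__":
    # VLANs active on Cat-1 at this point in the lab.
    active = {1, 12, 30, 31, 32, 34, 56}
    allowed = apply_allowed(ALL_VLANS, "except 30,31,32")
    print(render(allowed))            # allowed on trunk
    print(carried(allowed, active))   # allowed and active

    # A trunk that had VLAN 10 pruned earlier: 'except' silently re-allows it.
    pruned = apply_allowed(ALL_VLANS, "remove 10")
    print(10 in apply_allowed(pruned, "except 30,31,32"))
    print(10 in apply_allowed(pruned, "remove 30,31,32"))
```

On a trunk whose allowed list was already restricted, "remove" is therefore the safer of the two commands, because "except" discards the earlier restrictions.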



Task 24 

Configure Cat-1's port F0/15 and F0/16 such that when client PCs connect to these ports,
they automatically become member of a given VLAN. Cat-1 should be configured to use
10.1.1.1 as the primary and 10.1.1.2 as the secondary VMPS server. Ensure that the local
switch reconfirms the VLAN membership every half hour and if the VMPS can not be
contacted, the local switch will retry 5 times before considering the VMPS unavailable.



VMPS:

> The 3550 switch can't be set up as a VMPS server, but it can be configured as a
VMPS client.

> The client communicates with the VMPS through Vlan Query Protocol (VQP).

> When a VMPS receives a VQP from the client, it searches its database for a MAC
to VLAN mapping, and if the mapping is found, it conveys the VLAN information
to the client and then the client assigns that given VLAN to the port that the client
is connected to.

> The VMPS can operate in Secure mode, which means that if a MAC to VLAN
mapping can not be found in its database, the VMPS will send a port-shutdown
message to the client and the client will shut down that given port. However, if the
VMPS is not configured in a secure mode, it will send an access-deny message, and the
client will constantly monitor the port and will reject all traffic from that given
port.

> The VMPS client periodically reconfirms the VLAN membership information
received from the VMPS server. By default this is performed every 60 minutes; this
interval can be changed using the "VMPS reconfirm" global config command.

> If the VMPS client can't contact the VMPS server, it will retry to establish that
communication three times and this value can be changed using the "vmps retry"
command in the global config mode.

> The database is in the form of an ASCII file saved on a TFTP server, which the VMPS
server accesses.

On Cat-1 



Before configuring this task we should check some of the default values: 

Cat-1#Show vmps
VQP Client Status:

VMPS VQP Version: 1
Reconfirm Interval: 60 min
Server Retry Count: 3
VMPS domain server:
Reconfirmation status

VMPS Action: No Dynamic Port

VMPS VQP version is version 1, and the reconfirmation is at its default value of 60
minutes, and the retry value is set to 3. There are no VMPS servers.

Cat-1(config)#int range f0/15 - 16
Cat-1(config-if-range)#switchport mode access
Cat-1(config-if-range)#switchport access vlan dynamic
Cat-1(config-if-range)#no shut

The above command sets ports F0/15 and F0/16 to VLAN dynamic, which means that they
will acquire their VLAN information dynamically. The "no shut" command is required
because these ports were shut down earlier.

Cat-1(config)#vmps reconfirm 30
Cat-1(config)#vmps retry 5

The above two commands configure the reconfirmation interval to 30 minutes and the
retry counter to 5.

Cat-1(config)#vmps server 10.1.1.1 primary
Cat-1(config)#vmps server 10.1.1.2

These commands configure the primary and the secondary VMPS servers.

To verify the configuration:

On Cat-1

Cat-1#Show vmps
VQP Client Status:

VMPS VQP Version: 1
Reconfirm Interval: 30 min
Server Retry Count: 5
VMPS domain server: 10.1.1.2
                    10.1.1.1 (primary, current)
Reconfirmation status

VMPS Action: No Dynamic Port



Task 25 

Port F0/17 on Cat-1 is connected to a Cisco 7960 IP Phone. Voice traffic that originates
from the phone is tagged with a CoS of 5.
A PC is connected to the 7960 IP Phone which is generating traffic with CoS of 3. Ensure
that the data traffic belongs to VLAN 3 and the Voice traffic belongs to VLAN 5. The
traffic originated by the 7960 IP Phone should maintain its CoS value, whereas the
traffic that originated from the PC connected to the 7960 IP Phone should be re-written
with a CoS of 1.



On Cat-1 

Cat-1(config)#Mls qos

Cat-1(config)#Interface F0/17
Cat-1(config-if)#Switchport access Vlan 3
Cat-1(config-if)#Switchport voice Vlan 5
Cat-1(config-if)#Switchport priority extend cos 1
Cat-1(config-if)#Mls qos trust cos
Cat-1(config-if)#No shut

When the phone gets connected to the switch it will form an 802.1q trunk link. The
traffic destined to the PC will be carried in the access VLAN, whereas the traffic
destined for the 7960 IP Phone will be carried in Voice VLAN.

By default the 3550 doesn't process the CoS value and rewrites all frames with a
CoS value of 0. To configure the phone such that it processes the CoS values, the
QOS must be enabled globally using the "mls qos" command.

To configure the switch so it trusts the incoming CoS value from the 7960 IP Phone
the "mls qos trust cos" command is used.

Since the PC connected to the IP Phone can send traffic to the Phone with any CoS
value and the phone wants to ensure that the voice traffic that it generates gets better
priority, it overrides the CoS for all traffic that is originated by the PC. In this task
we have to configure the switch such that it re-writes the traffic with
a CoS of 1, therefore, the "Switchport priority extend cos 1" command is used.
The "no shut" command is required because the port was shut down earlier.



Task 26 

Configure trunking between Cat-1 and Cat-2 such that VLAN 12 does not get tagged
when the traffic for this VLAN traverses the trunk.

Note the trunking encapsulation on the trunk links should have been DOT1Q; in the
CCIE lab, when configuring a given section, the entire section should be read before
configuring the individual tasks within that section.

When a trunk is configured with Dot1q, it can receive both tagged and untagged
traffic. By default, the switch forwards untagged traffic in the native VLAN ONLY.
If a given VLAN should NOT be tagged as it traverses the trunk link then that
VLAN should be set as the native VLAN.

When the native VLAN is changed, ensure that the change is configured on both
switches or the trunk link will go down.

On Both Switches 

(config)#Interface range F0/19-20
(config-if-range)#Switchport trunk encap dot1q

To Verify the configuration:

On Cat-1

Cat-1#Show int trunk

Port      Mode  Encapsulation  Status    Native vlan
Fa0/19    on    802.1q         trunking  1
Fa0/20    on    802.1q         trunking  1

Port      Vlans allowed on trunk
Fa0/19    1-29,33-4094
Fa0/20    1-29,33-4094

Port      Vlans allowed and active in management domain
Fa0/19    1,3,5,12,34,56
Fa0/20    1,3,5,12,34,56

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,3,5,12,34,56
Fa0/20    1

To configure the native VLAN:

On Both Switches

(config)#Interface range F0/19-20
(config-if-range)#Switchport trunk native VLAN 12

To verify the configuration: 



On Cat-1

Cat-1#Show interface trunk

Port      Mode  Encapsulation  Status    Native vlan
Fa0/19    on    802.1q         trunking  12
Fa0/20    on    802.1q         trunking  12

Port      Vlans allowed on trunk
Fa0/19    1-29,33-4094
Fa0/20    1-29,33-4094

Port      Vlans allowed and active in management domain
Fa0/19    1,3,5,12,34,56
Fa0/20    1,3,5,12,34,56

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1,3,5,12,34,56
Fa0/20    1

On Cat-2

Cat-2#Show interface trunk

Port      Mode  Encapsulation  Status    Native vlan
Fa0/5     on    802.1q         trunking  1
Fa0/19    on    802.1q         trunking  12
Fa0/20    on    802.1q         trunking  12

Port      Vlans allowed on trunk
Fa0/5     1-4094
Fa0/19    1-29,33-4094
Fa0/20    1-29,33-4094

Port      Vlans allowed and active in management domain
Fa0/5     1,3,5,12,30-32,34,56
Fa0/19    1,3,5,12,34,56
Fa0/20    1,3,5,12,34,56

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/5     1,3,5,12,30-32,34,56
Fa0/19    1,12,34,56
Fa0/20    none









Task 27 

The IT department decided to stop monitoring port F0/14 from Task 14. You have
received a new request to monitor port F0/14 on Cat-1 but the protocol analyzer is
connected to port F0/18 on Cat-2. Configure the switches to accommodate this request.



On Cat-1 

Cat-1(config)#No monitor session 1

Cat-1(config)#Vlan 90
Cat-1(config-vlan)#Remote-span
Cat-1(config-vlan)#Exit

The creation of this VLAN can only be done in the global configuration mode,
because this is the only mode that allows us to set the VLAN as remote-span. Ensure
that this VLAN is propagated to Cat-2.

To verify the configuration:



On Cat-1: 

Cat- l*Sh vlan brie 

VLAN Name Status Ports 

1 default active FaO/7, FaO'8, FaO 9, FaO; 10 

FaO.'l 1, FaO; 12, FaO; "13, FaO; 14 
FaO/ IS, FaQ/21, FaQ/22, FaO/23 
FaD/24, GiO'L GiO/2 

3 VLAN0003 active FaO; 17 

5 VLAN0005 active FaO; 17 

12 VLAN0012 active Fa0.i ; FaO/2 

30 VLAN0030 active 

31 VLAN0031 active 

32 VLAN0032 active 

34 VLAN0034 active FaO/3, FaO 4 

56 VLAN0056 active FaO/5, FaO/6 

'9(1 VLAN0090 active"*— ■ Ensure that this VLAN is propagated 

i The rest of the output is omitted) to Cat-2 

On Cat-2 



CCIE R&S by NarMk Kuehariaiw Advanced CC1E R&S Work Book 2.0 Page 124 of 1068 

C2009 Narbik KiicIih riant. All rij; h Ij raerved 



Cat-2#Sh vlan brie

VLAN Name       Status    Ports
1    default    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                          Fa0/6, Fa0/7, Fa0/8, Fa0/9
                          Fa0/10, Fa0/11, Fa0/12, Fa0/13
                          Fa0/14, Fa0/15, Fa0/16, Fa0/17
                          Fa0/18, Fa0/21, Fa0/22, Fa0/23
                          Fa0/24, Gi0/1, Gi0/2
3    VLAN0003   active
5    VLAN0005   active
12   VLAN0012   active
30   VLAN0030   active
31   VLAN0031   active
32   VLAN0032   active
34   VLAN0034   active
56   VLAN0056   active
90   VLAN0090   active    <-- Note the VLAN is propagated.

(The rest of the output is omitted)




On Cat-1

Cat-1#Show vlan remote-span

Remote SPAN VLANs
90

On Cat-2

Cat-2#Show vlan remote-span

Remote SPAN VLANs
90

Note VLAN 90 should be displayed as remote-span on both switches.




On Cat-1

Cat-1(config)#Monitor session 1 source interface F0/14








Cat-1(config)#Monitor session 1 destination remote vlan 90

To verify the configuration:

On Cat-1

Cat-1#Show monitor session 1

Session 1
Type             : Remote Source Session
Source Ports     :
    Both         : Fa0/14
Dest RSPAN VLAN  : 90

On Cat-2

Cat-2(config)#Monitor session 1 source remote vlan 90
Cat-2(config)#Monitor session 1 destination interface F0/18

Port F0/18 is where the protocol analyzer is connected.

To verify the configuration:

On Cat-2

Cat-2#Sh monitor session 1

Session 1
Type               : Remote Destination Session
Source RSPAN VLAN  : 90
Destination Ports  : Fa0/18
    Encapsulation  : Native
          Ingress  : Disabled

RSPAN extends SPAN by enabling remote monitoring of multiple switches across your
network. The traffic for RSPAN traverses a user-defined RSPAN VLAN (remote
vlan), in this case VLAN 90. The SPAN traffic from port F0/14 is reflected to VLAN 90
(the RSPAN VLAN) and then forwarded over the trunk to port F0/18, an RSPAN
destination.






Task 28 

Configure the hostname of the third switch to be Cat-3, and disable all ports but
F0/21-22. This switch should join the "CCIE" VTP domain.



On the third Switch

Switch(config)#Hostname Cat-3

Cat-3(config)#int range f0/1 - 20 , F0/23 - 24
Cat-3(config-if-range)#Shut

Cat-3(config)#vtp domain CCIE
Cat-3(config)#vtp password Cisco

Note sometimes a VLAN needs to be created in order to propagate the existing
VLANs, as follows:

On Cat-3

Cat-3(config)#vlan 99
Cat-3(config-vlan)#exit

Note the VLANs are propagated:

Cat-3#Sh vlan brie

VLAN Name       Status    Ports
1    default    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                          Fa0/5, Fa0/6, Fa0/7, Fa0/8
                          Fa0/9, Fa0/10, Fa0/11, Fa0/12
                          Fa0/13, Fa0/14, Fa0/15, Fa0/16
                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                          Fa0/23, Fa0/24, Gi0/1, Gi0/2
12   VLAN0012   active
30   VLAN0030   active
31   VLAN0031   active
32   VLAN0032   active
34   VLAN0034   active
56   VLAN0056   active
90   VLAN0090   active

Next, Vlan 99 is removed:






Cat-3(config)#No vlan 99

Cat-3#Show vlan brie | Exc unsup

VLAN Name       Status    Ports
1    default    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                          Fa0/5, Fa0/6, Fa0/7, Fa0/8
                          Fa0/9, Fa0/10, Fa0/11, Fa0/12
                          Fa0/13, Fa0/14, Fa0/15, Fa0/16
                          Fa0/17, Fa0/18, Fa0/19, Fa0/20
                          Fa0/23, Fa0/24, Gi0/1, Gi0/2
12   VLAN0012   active
30   VLAN0030   active
31   VLAN0031   active
32   VLAN0032   active
34   VLAN0034   active
56   VLAN0056   active



Task 29 

Configure ports F0/21 and F0/22 on Cat-3 and Cat-1 as trunk links using an industry
standard protocol. These links should appear to STP as a single link. If one of the links
fails, the traffic should use the other link without any interruption. These ports should
NOT negotiate by using any protocol to accomplish this task.



EtherChannels provide the following:

> Fault-tolerant, high speed links between switches and routers.

> EtherChannel provides an automatic recovery for the loss of a link by
redistributing the traffic across the remaining link/s.

> STP will not block one of the links in the bundle because to STP, the bundle looks
like a single link.

> Up to 8 links can be combined to provide more bandwidth.

> The links within the bundle must have the same characteristics, such as duplex
and speed.

> EtherChannel can be configured as layer 2 or layer 3.

> With Layer 3, a logical interface (Port-Channel) is statically configured and all
Layer 3 configurations are performed under that interface.

> With Layer 2, the logical interface is created automatically.

> With both Layer 2 and Layer 3, physical interfaces must be manually assigned to






the logical interface using the "channel-group" configuration command.

> EtherChannels can be configured automatically using Port Aggregation Protocol
(PAgP) or Link Aggregation Control Protocol (LACP).

> PAgP is a Cisco proprietary protocol, whereas LACP is an industry standard
IEEE 802.3ad protocol.

> Switches can be configured to use PAgP by configuring them in AUTO or
DESIRABLE mode.

> Switches can be configured to use LACP by configuring them in ACTIVE or
PASSIVE mode.

> If the switches are configured in ON mode, they will not exchange LACP or
PAgP packets.

There are 5 modes that the switches can be configured in:

> ON - Forces the interface into an EtherChannel without PAgP or LACP packets;
both switches must be configured in ON mode for the EtherChannel to be
established.

> ACTIVE - Used in LACP, the switches will actively negotiate an EtherChannel
link.

> PASSIVE - Used in LACP, it places the interface in a passive negotiation mode
where it only responds to LACP packets that it receives. In this mode the switch
will not start the negotiation process; this setting minimizes the transmission of
LACP packets.

> AUTO - Used in PAgP, it places the interface in a passive negotiation mode; it
only responds to PAgP packets that it receives. In this mode the switch will not
start the negotiation process; this setting minimizes the transmission of PAgP
packets.

> DESIRABLE - Used in PAgP, the switches will actively negotiate an
EtherChannel link.

The following table is very important when configuring EtherChannels:



Switch one is configured as   Switch two is configured as   Will an EtherChannel be established?
Desirable                     Desirable                     YES
Desirable                     Auto                          YES
Auto                          Auto                          NO
Active                        Active                        YES
Active                        Passive                       YES
Passive                       Passive                       NO






Before configuring EtherChannel, you should check to ensure that the interfaces are
configured with the same characteristics.

The best way to configure an EtherChannel is to configure the Channel-group
under the interfaces first, as follows:

On Both Switches

(config)#Int range f0/21 - 22
(config-if-range)#Channel-group 1 mode on
(config-if-range)#no shut

Then, configure the port-channel that is created automatically as trunk.

(config-if-range)#int port-channel 1
(config-if)#switchport trunk encapsulation dot1q
(config-if)#Switchport mode trunk

To verify the configuration:

On Cat-1



Cat-1#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   12
Fa0/20    on     802.1q         trunking   12
Po1       on     802.1q         trunking   1

Port      Vlans allowed on trunk
Fa0/19    1-29,33-4094
Fa0/20    1-29,33-4094
Po1       1-4094

Port      Vlans allowed and active in management domain
Fa0/19    1,12,34,56,90
Fa0/20    1,12,34,56,90
Po1       1,12,30-32,34,56,90

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1
Fa0/20    1,12,34,56,90
Po1       1,12,30-32,34,56,90

On Cat-3 
















Cat-3#Sh int trunk

Port      Mode   Encapsulation  Status     Native vlan
Po1       on     802.1q         trunking   1

Port      Vlans allowed on trunk
Po1       1-4094

Port      Vlans allowed and active in management domain
Po1       1,12,30-32,34,56

Port      Vlans in spanning tree forwarding state and not pruned
Po1       1,12,30-32,34,56








On Cat-1 








Cat-1#Show spanning-tree int f0/21

Mst Instance   Role Sts Cost   Prio.Nbr  Type
VLAN0001       Root FWD 12     128.616   P2p
VLAN0012       Root FWD 12     128.616   P2p
VLAN0030       Root FWD 12     128.616   P2p
VLAN0031       Root FWD 12     128.616   P2p
VLAN0032       Root FWD 12     128.616   P2p
VLAN0034       Root FWD 12     128.616   P2p
VLAN0056       Root FWD 12     128.616   P2p

Cat-1#Show spanning-tree int f0/22

Mst Instance   Role Sts Cost   Prio.Nbr  Type
VLAN0001       Root FWD 12     128.616   P2p
VLAN0012       Root FWD 12     128.616   P2p
VLAN0030       Root FWD 12     128.616   P2p
VLAN0031       Root FWD 12     128.616   P2p
VLAN0032       Root FWD 12     128.616   P2p
VLAN0034       Root FWD 12     128.616   P2p
VLAN0056       Root FWD 12     128.616   P2p

On Cat-3

Cat-3#Show spanning-tree int f0/21









Vlan           Role Sts Cost   Prio.Nbr  Type
VLAN0001       Desg FWD 12     128.65    P2p
VLAN0012       Desg FWD 12     128.65    P2p
VLAN0030       Desg FWD 12     128.65    P2p
VLAN0031       Desg FWD 12     128.65    P2p
VLAN0032       Desg FWD 12     128.65    P2p
VLAN0034       Desg FWD 12     128.65    P2p
VLAN0056       Desg FWD 12     128.65    P2p

Cat-3#Show spanning-tree int f0/22

Vlan           Role Sts Cost   Prio.Nbr  Type
VLAN0001       Desg FWD 12     128.65    P2p
VLAN0012       Desg FWD 12     128.65    P2p
VLAN0030       Desg FWD 12     128.65    P2p
VLAN0031       Desg FWD 12     128.65    P2p
VLAN0032       Desg FWD 12     128.65    P2p
VLAN0034       Desg FWD 12     128.65    P2p
VLAN0056       Desg FWD 12     128.65    P2p

Note all interfaces are in forwarding state because to spanning-tree the port-channel
appears as a single interface.

A "show etherchannel 1 detail" command can reveal that the interfaces are working
in the bundle.









Task 30 

Ensure that the EtherChannel created in the previous step uses destination MAC
addresses to load-balance the traffic load.

Load balancing can be done based on the following:

Source MAC address — Packets forwarded to an EtherChannel are distributed across the
ports in the channel based on the source MAC address of the incoming packets. When
source MAC address load balancing is enabled, the load distribution based on the source
and destination IP address is also enabled.

Destination MAC address — If the EtherChannel is between a router and a switch and





since the router has a single MAC address, destination based load balancing is the best
way.

To see the default load balancing:

On Cat-1

Note the default load balancing is based on the source MAC address:

Cat-1#show etherchannel load

EtherChannel Load-Balancing Operational State (src-mac):
Non-IP: Source MAC address
  IPv4: Source MAC address
  IPv6: Source IP address

To configure the load balancing based on the destination MAC addresses:

On Both Switches

(config)#port-channel load-balance dst-mac

To verify the configuration:

Cat-1#show etherchannel load

EtherChannel Load-Balancing Operational State (dst-mac):
Non-IP: Destination MAC address
  IPv4: Destination MAC address
  IPv6: Destination IP address



Task 31 

Erase the startup configuration and vlan.dat before proceeding to the next lab 










Lab 4
3560 Configuration






Task 1

Configure the switches using the following hostnames:

The first switch as Cat-1, the second switch as Cat-2, the third switch as Cat-3 and the
fourth switch as Cat-4.

On the first switch:

Switch(config)#ho Cat-1
Cat-1(config)#

On the second switch:

Switch(config)#ho Cat-2
Cat-2(config)#

On the third switch:

Switch(config)#ho Cat-3
Cat-3(config)#

On the fourth switch:

Switch(config)#ho Cat-4
Cat-4(config)#






Task 2 

Configure Cat-1 such that the console messages are displayed with sequence numbers.






On Cat-1

Note to generate a console message all we need to do is go to the global config mode
and get back to privilege mode as follows:

Cat-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cat-1(config)#end
Cat-1#
00:17:05: %SYS-5-CONFIG_I: Configured from console by console

Note the above console message did not have the sequence numbers. To enable the
sequence numbers:

On Cat-1

Cat-1(config)#service sequence-numbers
Cat-1(config)#end
Cat-1#
000057: 00:18:46: %SYS-5-CONFIG_I: Configured from console by console

Note 000057 is the sequence number.






Task 3 

Disable the timestamps for all console messages including the debug messages on Cat-1 






On Cat-1

Cat-1(config)#NO service timestamps debug

The above command disables log time stamps, which enables time stamps on log
messages showing the time since the system was reloaded for all levels (This is
because debug is the default value, so it displays level 7 and all the lower numbers
below level 7).

Cat-1(config)#NO service timestamps log

The above command disables log time stamps which enables time stamps on log
messages showing the time since the system was reloaded.

Cat-1(config)#end
Cat-1#















000058: %SYS-5-CONFIG_I: Configured from console by console

Note there are no time stamps on the above message.






Task 4 

Set the time and date of Cat-1 to 16 minutes past 4 PM, December 26, 2007. The time
zone should be set based on Sydney Australia (EST -11). You should use a privilege
level and a global config level command to accomplish this task.






On Cat-1

Cat-1#Clock set 16:16:00 Dec 26 2007

Cat-1(config)#clock timezone EST -11

To verify:

Cat-1#Show clock
16:17:31.972 EST Wed Dec 26 2007






Task 5 

Configure Cat-1 such that the system messages are displayed with sequence numbers and
current time and date.






On Cat-1

Cat-1(config)#service timestamps log datetime
Cat-1(config)#end

000071: Dec 26 05:19:34: %SYS-5-CONFIG_I: Configured from console by console

Note the sequence number of 000071: followed by the current date and time (Dec 26
05:19:34) is displayed.









Task 6 

Configure Cat-1 such that the system messages are displayed with sequence numbers,
current date and time in HH:MM:SS and msec and local time and the current timezone.






On Cat-1

Cat-1(config)#service timestamps log datetime msec localtime show-timezone

Cat-1(config)#end

000077: Dec 26 16:28:24.354 EST: %SYS-5-CONFIG_I: Configured from console by
console






Task 7

Configure Cat-2 using the following policy:

> The switch should log all Emergency, Alerts, Critical, Errors and Warning
messages

> The syslog server is located at 10.1.1.100.

> The messages should be logged to local4 facility






On Cat-2

Cat-2(config)#logging 10.1.1.100

Cat-2(config)#logging trap 4

Cat-2(config)#logging facility local4

To verify the configuration:

On Cat-2

Cat-2#Show logging

Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes,
0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 41 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled

















Buffer logging: level debugging, 41 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
File logging: disabled
Trap logging: level warnings, 43 message lines logged
Logging to 10.1.1.100, 0 message lines logged, xml disabled,
filtering disabled
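
A parser for the console message formats produced in Tasks 2 to 6, combined with the "logging trap 4" cut-off from Task 7. This is an added example, not part of the workbook; the function names, the gap check and the sample capture (workbook messages plus one constructed %LINK-3-UPDOWN line) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Keywords accepted by "logging trap"; the list index is the numeric level.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# [sequence: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^(?:(?P<seq>\d{6}): )?"
    r"(?:(?P<stamp>[^%]+?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


@dataclass(frozen=True)
class Message:
    seq: Optional[int]      # None without "service sequence-numbers"
    stamp: Optional[str]    # None after "no service timestamps log"
    facility: str
    severity: int
    mnemonic: str
    text: str


def parse_line(line: str) -> Optional[Message]:
    """Parse one console/syslog line; return None if it is not a %FAC-SEV-MNEM message."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Message(
        seq=int(m["seq"]) if m["seq"] else None,
        stamp=m["stamp"],
        facility=m["facility"],
        severity=int(m["severity"]),
        mnemonic=m["mnemonic"],
        text=m["text"],
    )


def stamp_kind(stamp: Optional[str]) -> str:
    """Classify the timestamp style so mixed captures can be told apart."""
    if stamp is None:
        return "none"
    if re.fullmatch(r"\d+:\d\d:\d\d|\d+[wdy]\d+[wdh]", stamp):
        return "uptime"      # time since the system was reloaded
    return "datetime"        # "service timestamps log datetime ..."


def sent_to_syslog(msg: Message, trap_level: int) -> bool:
    """True if "logging trap <trap_level>" forwards the message (lower = more severe)."""
    return msg.severity <= trap_level


def sequence_gaps(messages: List[Message]) -> List[Tuple[int, int]]:
    """Return (previous, next) pairs where the sequence numbers are not contiguous."""
    gaps, prev = [], None
    for msg in messages:
        if msg.seq is None:
            continue
        if prev is not None and msg.seq != prev + 1:
            gaps.append((prev, msg.seq))
        prev = msg.seq
    return gaps


# Constructed capture: the workbook's CONFIG_I lines plus one constructed level-3 line.
SAMPLE = """\
00:17:05: %SYS-5-CONFIG_I: Configured from console by console
000057: 00:18:46: %SYS-5-CONFIG_I: Configured from console by console
000058: %SYS-5-CONFIG_I: Configured from console by console
000071: Dec 26 05:19:34: %SYS-5-CONFIG_I: Configured from console by console
000072: Dec 26 05:19:40: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
000077: Dec 26 16:28:24.354 EST: %SYS-5-CONFIG_I: Configured from console by console
"""


def analyse(text: str, trap_level: int = 4) -> Dict[str, list]:
    """Summarise a capture: timestamp styles, what trap_level forwards, sequence gaps."""
    msgs = [m for m in map(parse_line, text.splitlines()) if m]
    return {
        "kinds": [stamp_kind(m.stamp) for m in msgs],
        "forwarded": [m.seq for m in msgs if sent_to_syslog(m, trap_level)],
        "gaps": sequence_gaps(msgs),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE)
    print("timestamp styles :", report["kinds"])
    print(f"forwarded at trap {SEVERITY_NAMES[4]} :", report["forwarded"])
    print("sequence gaps    :", report["gaps"])
```

Only the level-3 message passes the "warnings" cut-off; the level-5 CONFIG_I messages stay on the console and in the buffer, which still log at level debugging in the output above.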






Task 8

Configure Cat-3 to log the system messages to a file called "syslog"; this file should be
saved in the flash with a max size of 8192. The severity type should be set to
"debugging".








On Cat-3

Cat-3(config)#logging file flash:syslog 8192 debugging

Cat-3(config)#int f0/1
Cat-3(config-if)#shut
Cat-3(config-if)#NO shut

To verify the configuration:

On Cat-3

Cat-3#dir
Directory of flash:/

2   -rwx   327       Mar 1 1993 00:05:28 -00:00   system_env_vars
3   -rwx   3426      Mar 1 1993 02:23:17 -00:00   config.you
4   -rwx   3345      Mar 1 1993 01:49:34 -00:00   config.old
5   -rwx   7134015   Mar 1 1993 00:04:51 -00:00   c3550-ipservicesk9-mz.122-25.SEE2.bin
6   -rwx   327       Mar 1 1993 01:25:32 -00:00   syslog
7   drwx   192       Mar 1 1993 00:03:42 -00:00   c3550-i9q3l2-mz.121-13.EA1a
24  -rwx   0         Mar 1 1993 00:05:28 -00:00   env_vars











Task 9 

Configure Cat-1 to disable logging of POE events for its F0/5 interface.






On Cat-1

Cat-1(config)#int F0/5

Cat-1(config-if)#no logging event power-inline-status

This command may not be available on your switch if the switch that you are
working on is NOT POE (Power Over Ethernet).






Task 10

Configure the system resources of Cat-4 such that unicast routing is disabled and it 
supports maximum number of Unicast MAC addresses. 






On Cat-4

Cat-4#Show sdm prefer

The current template is the default template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1K VLANs.
number of unicast mac addresses: 5K
number of igmp groups: 1K
number of qos aces: 1K
number of security aces: 1K
number of unicast routes: 8K
number of multicast routes: 1K

To change the SDM template for Unicast routing:

Cat-4(config)#sdm prefer vlan

To verify the configuration:

On Cat-4







Cat-4#Show sdm prefer

The current template is the default template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1K VLANs.
number of unicast mac addresses: 5K
number of igmp groups: 1K
number of qos aces: 1K
number of security aces: 1K
number of unicast routes: 8K
number of multicast routes: 1K

The template stored for use after the next reload
is the vlan template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1K VLANs.
number of unicast mac addresses: 8K
number of igmp groups: 1K
number of qos aces: 1K
number of security aces: 1K
number of unicast routes: 0
number of multicast routes: 0

This template disables routing and supports maximum number of Unicast MAC
addresses. Typically used for layer 2 switches; if this option is used, routing is done
in the software and it severely impacts the switch's performance.



Task 11

Configure port F0/1 of Cat-1 as a layer 3 interface and assign an IPv6 address of
12:1:1:12::1 /64 to this interface.

On Cat-1

Cat-1(config)#int f0/1

Cat-1(config-if)#no switchport

Cat-1(config-if)#ipv6 address 12:1:1:12::1 /64














% Invalid input detected at '^' marker.

Note IPv6 is not enabled and therefore IPv6 addressing can NOT be assigned to any
of the interfaces on this switch. The 3560 switches support IPv6, but the SDM needs
to be changed for "dual-ipv4-and-ipv6" before the IPv6 support is enabled.

Cat-1(config)#sdm prefer dual-ipv4-and-ipv6 default

Cat-1(config)#int f0/1

Cat-1(config-if)#ipv6 address 12:1:1:12::1/64

Cat-1(config-if)#no shut

To verify the configuration:

Cat-1#sh ipv6 inter f0/1

FastEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::217:E0FF:FE26:3B41
Global unicast address(es):
12:1:1:12::1, subnet is 12:1:1:12::/64






Task 12 

Configure the F0/23 interface of Cat-1 such that it can detect unidirectional links due to
one way traffic on twisted pair. This switch should be configured such that if the F0/23
interface transitions into errdisable state, it should automatically recover every 2 minutes,
and if the port detects unidirectional links it should repeat the cycle again.






On Cat-1 & Cat-4

Cat-x(config)#int f0/23
Cat-x(config-if)#udld port aggressive

To verify the configuration:

On Cat-1

Cat-1#Sh udld f0/23

Interface Fa0/23







Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Bidirectional
Current operational state: Advertisement - Single neighbor detected
Message interval: 15
Time out interval: 5

Entry 1
Expiration time: 43
Device ID: 1
Current neighbor state: Bidirectional
Device name: CHK0649W0TP
Port ID: Fa0/23
Neighbor echo 1 device: FDO1221Z2QT
Neighbor echo 1 port: Fa0/23

Message interval: 15
Time out interval: 5
CDP Device name: SW4

Note if the unidirectional link is detected, the following will be the output of the
"Show udld F0/23" command:

Interface Fa0/23
Port enable administrative configuration setting: Enabled / in aggressive mode
Port enable operational state: Enabled / in aggressive mode
Current bidirectional state: Unknown
Current operational state: Advertisement
Message interval: 7
Time out interval: 5

No neighbor cache information stored

To configure the auto recovery upon detection of unidirectional link:

Cat-1(config)#errdisable recovery cause udld

This command enables the timer to automatically recover from the UDLD
error-disabled state.

Cat-1(config)#errdisable recovery interval 120

This command specifies the time to recover from the UDLD error-disabled state.






To verify the configuration:

On Cat-1

Cat-1#Sh errdisable recovery

ErrDisable Reason    Timer Status
udld                 Enabled
bpduguard            Disabled
security-violatio    Disabled
channel-misconfig    Disabled
vmps                 Disabled
pagp-flap            Disabled
dtp-flap             Disabled
link-flap            Disabled
l2ptguard            Disabled
psecure-violation    Disabled
gbic-invalid         Disabled
dhcp-rate-limit      Disabled
unicast-flood        Disabled
storm-control        Disabled
arp-inspection       Disabled
loopback             Disabled

Timer interval: 120 seconds



Task 13

Configure the following IP addresses on Cat-1 and R1:

Cat-1's F0/1 interface — 10.1.1.10 /24. Cat-1 should also have a default gateway pointing
to R1.

R1's F0/0 interface 10.1.1.1 /24, Lo0 interface 1.1.1.1 /8, Lo1 interface 100.1.1.1 /24

On R1

R1(config)#int f0/0

R1(config-if)#ip addr 10.1.1.1 255.255.255.0

R1(config-if)#no shut






R1(config-if)#int lo0
R1(config-if)#ip addr 1.1.1.1 255.0.0.0

R1(config-if)#int lo1

R1(config-if)#ip addr 100.1.1.1 255.255.255.0

To verify the configuration:

On R1

R1#Show ip int brie

Interface         IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0   10.1.1.1     YES  manual  up                     up
FastEthernet0/1   unassigned   YES  unset   administratively down  down
Serial0/0/0       unassigned   YES  unset   administratively down  down
Serial0/0/1       unassigned   YES  unset   administratively down  down
Loopback0         1.1.1.1      YES  manual  up                     up
Loopback1         100.1.1.1    YES  manual  up                     up

On Cat-1

Cat-1(config)#int f0/1

Cat-1(config-if)#no switchport

Cat-1(config-if)#ip address 10.1.1.10 255.255.255.0

Cat-1(config-if)#no shut

Cat-1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.1



To verify the configuration:

On Cat-1

Cat-1#Ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1006 ms

Cat-1#Ping 100.1.1.1














Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1007 ms

Cat-1#Ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1006 ms






Task 14 

Configure a Smartport Macro on Cat-1 such that it pings all the interfaces of R1. This
macro should be configured such that it can be executed at any time by entering "TST" in
the global config mode.






On Cat-1

Cat-1(config)#Macro name TST
Enter macro commands one per line. End with the character '@'.
do Ping 10.1.1.1
do Ping 100.1.1.1
do Ping 1.1.1.1
@
Cat-1#

To test the configuration:

On Cat-1

Cat-1(config)#macro global apply TST

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Type escape sequence to abort.





Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

To execute the Macro by just entering "TST" requires configuring an alias, as
follows:

Cat-1(config)#alias configure TST macro global apply TST

To test the configuration:

On Cat-1

Cat-1(config)#TST

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms



Task 15 

Configure the F0/0 interface of R1 - R3 in VLAN 2; configure R1 - R3 based on the following
parameters:






Router   Interface   IP address     MAC address
R1       F0/0        10.1.1.1 /24   0000.1111.1111
R2       F0/0        10.1.1.2 /24   0000.2222.2222
R3       F0/0        10.1.1.3 /24   0000.3333.3333



On R1

R1(config)#int f0/0
R1(config-if)#ip addr 10.1.1.1 255.255.255.0
R1(config-if)#mac-address 0000.1111.1111
R1(config-if)#no shut

On R2

R2(config)#int f0/0
R2(config-if)#ip addr 10.1.1.2 255.255.255.0
R2(config-if)#mac-address 0000.2222.2222
R2(config-if)#no shut

On R3

R3(config)#int f0/0
R3(config-if)#ip address 10.1.1.3 255.255.255.0
R3(config-if)#mac-address 0000.3333.3333
R3(config-if)#no shut

On Cat-1

Cat-1(config)#int f0/1
Cat-1(config-if)#Swi

Cat-1(config)#int range f0/1 - 3
Cat-1(config-if-range)#swi mode acc
Cat-1(config-if-range)#swi acc v 2
Cat-1(config-if-range)#spanning portfast



Task 16 

Configure IP source guard on Cat-1 such that it filters traffic based on manually
configured IP source bindings. If any of the hosts in this VLAN uses the IP address of
another router in this VLAN, the switch (Cat-1) should drop that traffic.






On Cat-1

Cat-1(config)#ip dhcp snooping

Cat-1(config)#ip dhcp snooping vlan 2

The above commands enable DHCP snooping Binding for VLAN 2. These must
be configured, or else the IP source guard will NOT work.

Cat-1(config)#interface range f0/1-3
Cat-1(config-if-range)#ip verify source

The above command enables Source IP Address Filtering. With the "IP Verify
Source" command configured under the interfaces, the switch does NOT check
the MAC addresses that are bound to the IP addresses.

Cat-1(config)#ip source binding 0000.1111.1111 vlan 2 10.1.1.1 interface F0/1
Cat-1(config)#ip source binding 0000.2222.2222 vlan 2 10.1.1.2 interface F0/2
Cat-1(config)#ip source binding 0000.3333.3333 vlan 2 10.1.1.3 interface F0/3

The above commands configure three entries in the IP Source Bindings table.

To verify the configuration:



On Cat-1

Cat-1#Show ip source binding

MacAddress          IpAddress   Lease(sec)  Type    VLAN  Interface
00:00:22:22:22:22   10.1.1.2    infinite    static  2     FastEthernet0/2
00:00:33:33:33:33   10.1.1.3    infinite    static  2     FastEthernet0/3
00:00:11:11:11:11   10.1.1.1    infinite    static  2     FastEthernet0/1
Total number of bindings: 3

Cat-1#Show ip verify source

Interface  Filter-type  Filter-mode  IP-address  Mac-address  Vlan
Fa0/1      ip           active       10.1.1.1                 1
Fa0/2      ip           active       10.1.1.2                 1
Fa0/3      ip           active       10.1.1.3                 1

To test the configuration:






On R1

R1(config)#int f0/0

R1(config-if)#ip addr 10.1.1.4 255.255.255.0

R1#Ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Note when IP source guard is enabled with source IP address filtering, IP
traffic is filtered based on the source IP address. The switch forwards IP
traffic when the source IP address of that traffic matches an entry in the
DHCP snooping binding database or a manually created source binding table.

R1(config)#int f0/0

R1(config-if)#ip addr 10.1.1.1 255.255.255.0

R1#Ping 10.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

In the above test, the IP address of R1's F0/0 interface was changed to match
the configured binding in the switch, therefore, the traffic was allowed.



Task 17 

Configure the F0/1 interface of R1 - R3 in VLAN 22; configure R1 - R3 based on the following
parameters:



Router 


Interface 


IP address 


MAC address 


Rl 


FO 1 


20. I.I.I 24 


0000.11 11.1111 


r: 


FO 1 


20. 1 . 1 .2 .24 


0000.^22.2222 


R3 


FO 1 


20.1.1.3 24 


000 0.33 3 3. 3333 



On Kl 






R1(config)#int f0/1
R1(config-if)#ip addr 20.1.1.1 255.255.255.0
R1(config-if)#mac-address 0000.1111.1111
R1(config-if)#no shut

On R2

R2(config)#int f0/1
R2(config-if)#ip addr 20.1.1.2 255.255.255.0
R2(config-if)#mac-address 0000.2222.2222
R2(config-if)#no shut

On R3

R3(config)#int f0/1
R3(config-if)#ip address 20.1.1.3 255.255.255.0
R3(config-if)#mac-address 0000.3333.3333
R3(config-if)#no shut

On Cat-2

Cat-2(config)#int range f0/1-3
Cat-2(config-if-range)#swi mode acc
Cat-2(config-if-range)#swi acc v 22
Cat-2(config-if-range)#spanning portfast



Task 18

Configure IP source guard on Cat-2 such that it filters traffic based on manually
configured IP source and MAC address filtering. If the switch detects another MAC or
IP address on one of the configured ports, it should drop the traffic.

On Cat-2

Cat-2(config)#ip dhcp snooping
Cat-2(config)#ip dhcp snooping vlan 22

The above commands enable DHCP snooping for VLAN 22; these must be
configured or else IP source guard will NOT work.

Cat-2(config)#interface range f0/1-3






Cat-2(config-if-range)#ip verify source port-security
Cat-2(config-if-range)#Switchport port-security

The above commands enable IP source guard with IP and MAC address filtering.
With the "IP Verify Source port-security" command configured under the interfaces,
the switch will filter based on the MAC and IP addresses. The "Switchport
port-security" command MUST be configured for the interfaces in VLAN 22.

Cat-2(config)#ip source binding 0000.1111.1111 vlan 22 20.1.1.1 interface F0/1
Cat-2(config)#ip source binding 0000.2222.2222 vlan 22 20.1.1.2 interface F0/2
Cat-2(config)#ip source binding 0000.3333.3333 vlan 22 20.1.1.3 interface F0/3

The above commands configure three entries in the IP Source bindings table. 

To verify the configuration: 

On Cat-2 

Cat-2#Show ip source binding

MacAddress          IpAddress   Lease(sec)  Type    VLAN  Interface
00:00:22:22:22:22   20.1.1.2    infinite    static  22    FastEthernet0/2
00:00:33:33:33:33   20.1.1.3    infinite    static  22    FastEthernet0/3
00:00:11:11:11:11   20.1.1.1    infinite    static  22    FastEthernet0/1
Total number of bindings: 3

Cat-2#Show ip verify source

Interface  Filter-type  Filter-mode  IP-address  Mac-address        Vlan
Fa0/1      ip-mac       active       20.1.1.1    00:00:11:11:11:11  22
Fa0/2      ip-mac       active       20.1.1.2    00:00:22:22:22:22  22
Fa0/3      ip-mac       active       20.1.1.3    00:00:33:33:33:33  22



To test the configuration:

On R1

R1(config)#int f0/1
R1(config-if)#NO mac

R1#Ping 20.1.1.2














Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:

Success rate is 0 percent (0/5)

To test the communication with the correct MAC address:

R1(config)#int f0/1
R1(config-if)#mac-address 0000.1111.1111

R1#Ping 20.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Note: when IP source guard is enabled with source IP and MAC address filtering,
IP traffic is filtered based on the source IP and MAC address binding. The switch
forwards IP traffic when the source IP address of that traffic matches an entry in
the DHCP snooping binding database or a manually created source binding table.






Task 19

Configure R4's F0/1 interface in VLAN 22 using the following parameters:

R4's F0/1 - 20.1.1.4/24
Mac-address - 0000.4444.4444

On R4

R4(config)#int f0/1
R4(config-if)#ip address 20.1.1.4 255.255.255.0
R4(config-if)#mac-address 0000.4444.4444
R4(config-if)#no shut

On Cat-2

Cat-2(config)#int f0/4
Cat-2(config-if)#switchport mode access
Cat-2(config-if)#switchport access vlan 22







Cat-2(config-if)#spanning portfast

To test the configuration:

On R4

R4#Ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R4#Ping 20.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R4#Ping 20.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

Note: R4 was added to VLAN 22 and was able to communicate with all the
hosts/routers in VLAN 22.



Task 20

Configure DAI (Dynamic ARP Inspection) to fix the problem identified in the previous
step such that if a new host/router is added to VLAN 22, it won't be able to communicate
with any host/router in VLAN 22 unless its IP-to-MAC address binding is added to the
table.

On Cat-2

Cat-2(config)#ip arp inspection vlan 22
Cat-2(config)#ip arp inspection filter TST vlan 22 static






Cat-2(config)#arp access-list TST
Cat-2(config-arp-nacl)#permit ip host 20.1.1.1 mac host 0000.1111.1111
Cat-2(config-arp-nacl)#permit ip host 20.1.1.2 mac host 0000.2222.2222
Cat-2(config-arp-nacl)#permit ip host 20.1.1.3 mac host 0000.3333.3333
Cat-2(config-arp-nacl)#permit ip host 20.1.1.4 mac host 0000.4444.4444

To verify the configuration:

On R1

R1#Ping 20.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#Ping 20.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

R1#Ping 20.1.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.4, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

To test the configuration:

On R4

R4(config)#int f0/1
R4(config-if)#no mac

R4#Ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

Success rate is 0 percent (0/5)






Note: the MAC address does NOT match the binding in the ARP access-list.

R4(config)#int F0/1
R4(config-if)#mac-address 0000.4444.4444

R4#Ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

Note: the MAC address is added to the F0/1 interface of R4 and the ping was
successful.

To test by adding another router to this VLAN:

On R5

R5(config)#int F0/1
R5(config-if)#IP address 20.1.1.5 255.255.255.0
R5(config-if)#Mac-address 0000.5555.5555
R5(config-if)#no shut

R5#Ping 20.1.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.4, timeout is 2 seconds:

Success rate is 0 percent (0/5)

R5#Ping 20.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:

Success rate is 0 percent (0/5)

R5#Ping 20.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:

Success rate is 0 percent (0/5)






R5#Ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

Success rate is 0 percent (0/5)

To allow newly added routers/hosts to communicate with other
hosts/routers in VLAN 22:

On Cat-2

Cat-2(config)#arp access-list TST
Cat-2(config-arp-nacl)#permit ip host 20.1.1.5 mac host 0000.5555.5555

To see the ARP access-list:

On Cat-2

Cat-2#Show arp access-list TST

ARP access list TST
    permit ip host 20.1.1.1 mac host 0000.1111.1111
    permit ip host 20.1.1.2 mac host 0000.2222.2222
    permit ip host 20.1.1.3 mac host 0000.3333.3333
    permit ip host 20.1.1.4 mac host 0000.4444.4444
    permit ip host 20.1.1.5 mac host 0000.5555.5555

To test the configuration:

On R5

R5#Ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R5#Ping 20.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.2, timeout is 2 seconds:






Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R5#Ping 20.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.3, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R5#Ping 20.1.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.4, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
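The ping results of Tasks 18 to 20 can be reproduced with a small model of the two checks. This is an added example, not part of the workbook: it assumes IP source guard filters only the ports it was applied to (Fa0/1-3 in Task 18) while DAI with a static ARP ACL covers every port in VLAN 22, and the "other MAC" values are constructed.

```python
from dataclasses import dataclass, field


def norm_mac(mac):
    """Reduce 0000.1111.1111 or 00:00:11:11:11:11 to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return digits


@dataclass
class Host:
    name: str
    port: str
    ip: str
    mac: str


@dataclass
class Switch:
    ipsg_ports: set = field(default_factory=set)  # ports with "ip verify source port-security"
    bindings: set = field(default_factory=set)    # (port, ip, mac) from "ip source binding"
    dai_enabled: bool = False                     # "ip arp inspection vlan 22"
    arp_acl: set = field(default_factory=set)     # permits in "arp access-list TST"

    def add_binding(self, host):
        self.bindings.add((host.port, host.ip, norm_mac(host.mac)))

    def permit_arp(self, host):
        self.arp_acl.add((host.ip, norm_mac(host.mac)))

    def ipsg_permits(self, host):
        """IP source guard is per port: a port without it is not filtered."""
        if host.port not in self.ipsg_ports:
            return True
        return (host.port, host.ip, norm_mac(host.mac)) in self.bindings

    def dai_permits(self, host):
        """DAI is per VLAN; with a 'static' filter a miss in the ACL is a drop."""
        if not self.dai_enabled:
            return True
        return (host.ip, norm_mac(host.mac)) in self.arp_acl

    def ping(self, src, dst):
        """ARP (checked by DAI) and IP (checked by IPSG) must pass for both ends."""
        for host in (src, dst):
            if not self.dai_permits(host):
                return "dropped by DAI on " + host.port
            if not self.ipsg_permits(host):
                return "dropped by IPSG on " + host.port
        return "ok"


def make_host(n, mac=None):
    """R<n> on Fa0/<n> with the lab's 20.1.1.<n> address and 0000.nnnn.nnnn MAC."""
    quad = str(n) * 4
    return Host("R%d" % n, "Fa0/%d" % n, "20.1.1.%d" % n, mac or "0000.%s.%s" % (quad, quad))


def run_lab():
    sw = Switch()
    r = {n: make_host(n) for n in range(1, 6)}
    out = {}

    # Task 18: IPSG with ip-mac filtering on Fa0/1-3 plus three static bindings.
    sw.ipsg_ports = {"Fa0/1", "Fa0/2", "Fa0/3"}
    for n in (1, 2, 3):
        sw.add_binding(r[n])
    out["t18 R1 configured MAC"] = sw.ping(r[1], r[2])
    out["t18 R1 other MAC"] = sw.ping(make_host(1, "00:12:00:00:00:01"), r[2])  # constructed MAC

    # Task 19: R4 joins on Fa0/4, where no "ip verify source" was configured.
    out["t19 R4 new port"] = sw.ping(r[4], r[1])

    # Task 20: DAI for the VLAN with a static ARP ACL listing R1-R4.
    sw.dai_enabled = True
    for n in (1, 2, 3, 4):
        sw.permit_arp(r[n])
    out["t20 R4 configured MAC"] = sw.ping(r[4], r[1])
    out["t20 R4 other MAC"] = sw.ping(make_host(4, "0012.0000.0004"), r[1])  # constructed MAC
    out["t20 R5 not in ACL"] = sw.ping(r[5], r[4])
    sw.permit_arp(r[5])
    out["t20 R5 after permit"] = sw.ping(r[5], r[4])
    return out


if __name__ == "__main__":
    for case, result in run_lab().items():
        print("%-24s %s" % (case, result))
```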



Task 21

Since the CPU of the switch performs the actual DAI validation checks, the rate of incoming
ARP packets should be configured to be 1/3 of its default value. This should ONLY be
configured for the ports in VLAN 22.

Because the switch uses its CPU to perform Dynamic ARP Inspection, the switch
will rate limit the number of ARP packets to 15 pps. This can be revealed using the
"Show ip arp inspection interfaces" command, as follows:

On Cat-2

Cat-2#Sh ip arp inspection interfaces

Interface  Trust State  Rate (pps)  Burst Interval
Fa0/1      Untrusted    15          1
Fa0/2      Untrusted    15          1
Fa0/3      Untrusted    15          1
Fa0/4      Untrusted    15          1
Fa0/5      Untrusted    15          1
(The rest of the output is omitted)






Note: the default value for all interfaces is set to 15 pps.

To configure the Cat to rate limit the number of ARP packets:

On Cat-2

Cat-2(config)#int range F0/1-5
Cat-2(config-if-range)#ip arp inspection limit rate 5 burst interval 1

To verify the configuration:

On Cat-2

Cat-2#Sh ip arp inspection interfaces

Interface  Trust State  Rate (pps)  Burst Interval
Fa0/1      Untrusted    5           1
Fa0/2      Untrusted    5           1
Fa0/3      Untrusted    5           1
Fa0/4      Untrusted    5           1
Fa0/5      Untrusted    5           1
(The rest of the output is omitted)



Task 22

Configure Cat-2 to keep track of all dropped packets due to mismatch of the dynamic ARP
inspection binding configured in one of the previous steps. The switch should log
messages after 5 seconds of an event; ensure that the switch adds entries to the log buffer
without generating a system message.

When the switch drops a packet, it adds an entry in the log buffer and generates a system
message. Once the switch generates a system message, the particular entry is cleared from the
log buffer. The entry includes: VLAN, port number, source and destination IP and MAC
addresses.

On Cat-2

Cat-2(config)#ip arp inspection log-buffer logs 0 interval 5






Note: when the logs is set to 0, the switch will NOT generate a system message.

To test the configuration:

On R5

To test this configuration, the MAC address of R5 is removed and a ping is issued to emulate an
invalid binding.

R5(config)#int f0/1
R5(config-if)#no mac

R5#Ping 20.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:

Success rate is 0 percent (0/5)

Cat-2#Sh ip arp inspection log

Total Log Buffer Size : 32
Syslog rate : 0 entries per 5 seconds.

Interface  Vlan  Sender MAC      Sender IP  Num Pkts  Reason    Time
Fa0/5      22    0012.d9d7.99a9  20.1.1.5   8         Acl Deny  21:18:15 UTC Tue Mar 2 1993
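With system messages suppressed, the log buffer is the only record of DAI drops, so it has to be read and interpreted. The following added example (not from the workbook) parses the log output and the ARP access-list and states why each sender was denied. The first log row is the one shown above; the other two rows and the exact column spacing are constructed.

```python
import re

ACL_LINE = re.compile(r"permit ip host (\d+\.\d+\.\d+\.\d+) mac host ([0-9a-fA-F.]{14})")
LOG_LINE = re.compile(
    r"^(?P<intf>\S+)\s+(?P<vlan>\d+)\s+"
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+"
    r"(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<pkts>\d+)\s+"
    r"(?P<reason>.+?)\s+(?P<time>\d\d:\d\d:\d\d\s.+)$"
)

# ARP ACL as listed by "show arp access-list TST" in Task 20.
SHOW_ACL = """\
ARP access list TST
    permit ip host 20.1.1.1 mac host 0000.1111.1111
    permit ip host 20.1.1.2 mac host 0000.2222.2222
    permit ip host 20.1.1.3 mac host 0000.3333.3333
    permit ip host 20.1.1.4 mac host 0000.4444.4444
    permit ip host 20.1.1.5 mac host 0000.5555.5555
"""

# First data row is the workbook's log entry; the last two rows are constructed.
SHOW_LOG = """\
Total Log Buffer Size : 32
Syslog rate : 0 entries per 5 seconds.

Interface  Vlan  Sender MAC      Sender IP  Num Pkts  Reason    Time
Fa0/5      22    0012.d9d7.99a9  20.1.1.5   8         Acl Deny  21:18:15 UTC Tue Mar 2 1993
Fa0/4      22    0012.0000.0004  20.1.1.4   3         Acl Deny  21:19:02 UTC Tue Mar 2 1993
Fa0/6      22    0012.0000.0006  20.1.1.9   5         Acl Deny  21:19:40 UTC Tue Mar 2 1993
"""


def parse_acl(text):
    """Map each permitted sender IP to its MAC from 'show arp access-list' output."""
    return {ip: mac.lower() for ip, mac in ACL_LINE.findall(text)}


def parse_log(text):
    """Return one dict per data row; banner and header lines do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["vlan"], e["pkts"], e["mac"] = int(e["vlan"]), int(e["pkts"]), e["mac"].lower()
            entries.append(e)
    return entries


def triage(entries, acl):
    """Explain each drop by comparing the logged sender with the ACL binding."""
    findings = []
    for e in entries:
        expected = acl.get(e["ip"])
        if expected is None:
            verdict = "sender IP has no permit entry"
        elif expected != e["mac"]:
            verdict = "permitted IP seen with MAC %s, ACL expects %s" % (e["mac"], expected)
        else:
            verdict = "binding matches ACL; drop has another cause (%s)" % e["reason"]
        findings.append((e["intf"], e["ip"], e["pkts"], verdict))
    return findings


def report(log_text=SHOW_LOG, acl_text=SHOW_ACL):
    return triage(parse_log(log_text), parse_acl(acl_text))


if __name__ == "__main__":
    for intf, ip, pkts, verdict in report():
        print("%-6s %-9s %3d pkts  %s" % (intf, ip, pkts, verdict))
```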

Task 23

Configure SNMP on Cat-1 using the following parameters:

> NMS IP address is 192.168.1.100
> RO community should be TST-RO
> RW community should be TST-RW
> The NMS is using Version 2C
> The community string should be "cisco"














On Cat-1

Cat-1(config)#snmp-server host 192.168.1.100 version 2c cisco
Cat-1(config)#snmp-server community TST-RO ro
Cat-1(config)#snmp-server community TST-RW rw

Task 24

Configure Cat-2 such that if in the future it is configured with BGP, it should send BGP
notifications to the SNMP server with an address of 192.168.1.1. The switch should send
these notifications using traps. Ensure that the switch uses version 2C and a community
string of "cisco".

On Cat-2

Cat-2(config)#Snmp-server host 192.168.1.1 traps version 2C cisco bgp
Cat-2(config)#Snmp-server enable traps bgp

Task 25

Configure Cat-3 to send all traps to the host "PC1.MicronicsTraining.com" using a
community string of "cisco". The switch should resolve this FQDN to 10.1.1.200 locally.

On Cat-3

Cat-3(config)#ip host PC1.MicronicsTraining.com 10.1.1.200
Cat-3(config)#Snmp-server enable traps
Cat-3(config)#Snmp-server host PC1.MicronicsTraining.com cisco






Task 26

Configure SNMP on Cat-4 using the following parameters:

The SNMP manager must have Read-Only permission access to all objects using "cisco"
as the string.






The switch should send VTP traps to 10.1.1.10, 10.1.1.100 and 10.1.1.200 using the
following SNMP versions:

Host 10.1.1.10 SNMP version 1, Host 10.1.1.100 and 10.1.1.200 SNMPv2C
Ensure that the community string of "cisco" is sent with the traps.

On Cat-4

Cat-4(config)#Snmp-server community cisco
Cat-4(config)#Snmp-server enable traps VTP
Cat-4(config)#Snmp-server host 10.1.1.10 version 1 cisco
Cat-4(config)#Snmp-server host 10.1.1.100 version 2C cisco
Cat-4(config)#Snmp-server host 10.1.1.200 version 2C cisco

Task 27

Ensure that Cat-4 is configured with the following parameters for its previous SNMP
configuration:

> Contact: Micronics Networking and Training Inc
> Location: Building A. Sydney office

On Cat-4

Cat-4(config)#snmp-s location Building A, Sydney office
Cat-4(config)#snmp-s contact Micronics Networking and Training Inc

Task 28

Configure Cat-1 such that whenever the switch learns or removes a MAC address on its
port F0/18, an SNMP notification is generated and sent to the NMS located at
192.168.1.100. Since there are many users coming and going from the network, set up a
trap interval time to bundle the notification traps and reduce network traffic using the
following parameters:

> The traps should be generated every 30 minutes.
> The trap should contain a maximum of 15 entries.




This feature enables us to track users on a network by storing the MAC address
activity on the switch. Once configured, every time a MAC address is learned
or removed, an SNMP notification is generated and sent to the NMS. On a very
busy network where lots of users come and go, the default behavior is that an
SNMP trap is sent every second. Because this can consume bandwidth, there
are two parameters that can be configured to remedy this situation, and they
are as follows:

> Mac address-table notification interval: This value specifies the
notification trap interval in seconds between each set of traps that are
generated to the NMS. The default value is one second, and the range is 0 to
2,147,483,647 seconds.

> Mac address-table notification history-size: Specifies the maximum
number of entries in the MAC notification history table. The default value is
1, and the range is 1 to 500 entries.

On Cat-1

Cat-1(config)#Snmp-server host 192.168.1.100 traps private

The above command identifies the NMS.

Cat-1(config)#Snmp-server enable traps mac-notification

This command enables SNMP traps for mac-notification.

Cat-1(config)#Mac-address-table notification

The above command enables the MAC address-table notification on the switch.

Cat-1(config)#Mac-address-table notification interval 1800

This command sets the interval.

Cat-1(config)#Mac-address-table notification history-size 150

This command sets the history-size.

Cat-1(config)#Int f0/18
Cat-1(config-if)#Snmp trap mac-notification added

To enable the MAC notification trap whenever a MAC address is added






Cat-1(config-if)#Snmp trap mac-notification removed

To enable the MAC notification trap whenever a MAC address is removed

To verify the configuration:

On Cat-1

Cat-1#Show mac-address-table notification interface f0/18

MAC Notification Feature is Enabled on the switch

Interface          MAC Added Trap  MAC Removed Trap
FastEthernet0/18   Enabled         Enabled

Cat-1#Show mac-address-table notification

MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1800 secs
Number of MAC Addresses Added :
Number of MAC Addresses Removed :
Number of Notifications sent to NMS :
Maximum Number of entries configured in History Table : 150
Current History Table Length :
MAC Notification Traps are Enabled
History Table contents

Task 29

You received another request from your IT department to keep track of all the MAC
addresses that are learned by Cat-2 port F0/18. The switch must use the NMS located at
192.168.1.1/24. Configure the switch to handle this request. You should use an IP
address of 2.2.2.2/8 to accomplish this task.






On Cat-2

Cat-2(config)#Snmp-server host 192.168.1.1 trap private
%IP_SNMP-3-SOCKET: can't open UDP socket

Unable to open socket on port 161

Note: since this switch is not configured with an IP address, it will fail to
configure the SNMP server. Therefore, an IP address should be configured
before entering the "snmp-server" command, as follows:

Cat-2(config)#Int lo0
Cat-2(config-if)#Ip addr 2.2.2.2 255.0.0.0

To set up the SNMP server:

Cat-2(config)#snmp-server host 192.168.1.1 trap private

To configure the switch to send mac-address traps to the NMS:

Cat-2(config)#snmp-server enable traps mac-notification

To enable MAC-address notification:

Cat-2(config)#mac-address-table notification

Cat-2(config)#Inter f0/18
Cat-2(config-if)#snmp trap mac-notification added

The above command enables the SNMP trap on interface F0/18 and configures
the switch to send MAC notification traps whenever a MAC address is added.
If the switch must be configured to report the MAC addresses that are learnt
and expired, then the "snmp trap mac-notification removed" command must also
be configured.

To verify the configuration:

On Cat-2

Cat-2#Show mac-address-table notification interface f0/18

MAC Notification Feature is Enabled on the switch

Interface          MAC Added Trap  MAC Removed Trap
FastEthernet0/18   Enabled         Disabled
















Note: if the "snmp trap mac-notification removed" command was also entered
for the F0/18 interface, the "MAC Removed Trap" column will also show
"Enabled".

Cat-2#Show mac-address-table notification

MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 1 secs
Number of MAC Addresses Added :
Number of MAC Addresses Removed :
Number of Notifications sent to NMS :
Maximum Number of entries configured in History Table : 1
Current History Table Length :
MAC Notification Traps are Enabled
History Table contents

Task 30

Shut down the following ports:

The ports that connect Cat-3 to Cat-4
On Cat-1 and Cat-2: F0/23-24 and F0/21-22

On Cat-1

Cat-1(config)#int range F0/21-24
Cat-1(config-if-range)#shut

On Cat-2

Cat-2(config)#interface range F0/21-24
Cat-2(config-if-range)#Shut

On Cat-3

Cat-3(config)#Inter range F0/21-24
Cat-3(config-if-range)#Shut

On Cat-4

Cat-4(config)#Int range F0/21-24







Task 31

Establish a trunk using an industry solution between Cat-1 and Cat-2 using ports F0/19-20;
to STP these two ports should appear as one.

The ports on Cat-1 should be in a passive negotiation state in which they ONLY
respond to PAgP packets.

Cat-2 should be configured appropriately.

PAgP is a Cisco proprietary protocol that can be used to automatically create
EtherChannels by exchanging PAgP packets between Ethernet ports. PAgP has two
modes of operation:

Auto: This mode places the ports into a passive negotiation state, in which the ports
ONLY respond to PAgP packets that they receive. Ports in this mode WILL NOT start
PAgP packet negotiation, which minimizes the transmission of PAgP packets. If both
ends of a given link are configured in AUTO mode, they will NOT negotiate a trunk.

Desirable: This mode places the ports into an active negotiation state, in which the ports
start negotiation by sending PAgP packets. Desirable mode will negotiate a trunk with
another port configured in either AUTO or DESIRABLE mode.

On Cat-1

Cat-1(config)#int range f0/19-20
Cat-1(config-if-range)#swi trunk encap dot1q
Cat-1(config-if-range)#swi mode trunk
Cat-1(config-if-range)#channel-group 1 mode auto

On Cat-2

Cat-2(config)#int range f0/19-20
Cat-2(config-if-range)#swi trunk encap dot1q
Cat-2(config-if-range)#swi mode trunk
Cat-2(config-if-range)#channel-group 1 mode desirable

To verify the configuration:

On Cat-1






Cat-1#Sh int trunk

Port  Mode  Encapsulation  Status    Native vlan
Po1   on    802.1q         trunking  1

(The output is modified to show only the Port Channel)

Cat-1#Show pagp neighbor

Flags: S - Device is sending Slow hello.  C - Device is in Consistent state.
       A - Device is in Auto mode.        P - Device learns on physical port.

Channel group 1 neighbors
        Partner  Partner         Partner          Partner  Group
Port    Name     Device ID       Port     Age     Flags    Cap.
Fa0/19  Cat-2    0019.2f90.ae00  Fa0/19   17s     SC       10001
Fa0/20  Cat-2    0019.2f90.ae00  Fa0/20   10s     SC       10001

Cat-1#Show etherchannel 1 summary

Flags: D - down        P - in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3      S - Layer2
       U - in use      f - failed to allocate aggregator
       u - unsuitable for bundling
       w - waiting to be aggregated
       d - default port

Number of channel-groups in use: 1
Number of aggregators: 1

Group  Port-channel  Protocol  Ports
1      Po1(SU)       PAgP      Fa0/19(P) Fa0/20(P)

Task 32

Configure the EtherChannel from the previous step such that packets sent to the same
MAC address will use the same port.






EtherChannel load balancing can be configured in one of the following methods:

Source MAC address forwarding:

In this method, when the packets are sent to the EtherChannel they are distributed across
the ports in the channel based on the source MAC address of the incoming packets. As a
result, packets from different hosts use different ports.

Destination MAC address forwarding:

In this method, when the packets are sent to the EtherChannel they are distributed across
the ports in the channel based on the destination host's MAC address. As a result,
packets to the same destination are forwarded out of the same port.

Source and Destination MAC address forwarding:

In this method, when the packets are sent to the EtherChannel they are distributed across
the ports in the channel based on both the source and destination MAC addresses. As a
result, packets from a given host to a given destination will use the same port.

Source IP address based forwarding:

In this method, when the packets are sent to the EtherChannel they are distributed across
the ports in the channel based on the source IP address of the incoming packet. As a
result, packets with different source IP addresses will use different ports.

Destination IP address based forwarding:

In this method, when the packets are sent to the EtherChannel they are distributed across
the ports in the channel based on the destination IP address of the incoming packet. As a
result, packets to the same destination will use the same port.

Source and Destination IP address based forwarding:

In this method, when the packets are sent to the EtherChannel they are distributed across
the ports in the channel based on the source and destination IP addresses. As a result,
packets from a given IP source to a specific IP destination will use the same port.

On Both Switches:

(config)#Port-channel load-balance dst-mac

To verify the configuration:

On Cat-1

Cat-1#Show etherchannel load-balance

EtherChannel Load-Balancing Operational State (dst-mac):
Non-IP: Destination MAC address






IPv4: Destination MAC address
IPv6: Destination IP address

Task 33

Configure a layer 3 EtherChannel using ports F0/21-22 connecting Cat-2 to Cat-4. These
ports should NOT use any protocols to negotiate an EtherChannel. Use the following IP
addresses:

Cat-2 - 10.1.24.2/24 and Cat-4 - 10.1.24.4/24

When configuring a layer 3 EtherChannel, the port-channel interface should be
created first and then assigned to the physical ports using the "Channel-group"
command.

On Cat-2

Cat-2(config)#int port-channel 24
Cat-2(config-if)#NO switchport
Cat-2(config-if)#ip address 10.1.24.2 255.255.255.0

Cat-2(config)#int range F0/21-22
Cat-2(config-if-range)#no switchport
Cat-2(config-if-range)#channel-group 24 mode on
Cat-2(config-if-range)#NO shut

On Cat-4

Before configuring this switch for a layer 3 EtherChannel, remember that you must
change the "SDM prefer VLAN", or else the IOS will NOT allow you to create a
port-channel interface.

Cat-4(config)#sdm prefer routing
Cat-4#reload

After the switch is reloaded:

Cat-4(config)#Int port-channel 24
Cat-4(config-if)#NO swi
Cat-4(config-if)#ip address 10.1.24.4 255.255.255.0






Cat-4(config)#int range f0/21-22
Cat-4(config-if-range)#NO swi
Cat-4(config-if-range)#channel-group 24 mode on
Cat-4(config-if-range)#no shut

Note: in this case we must use the "Channel-group 24 mode ON" command; the ON
tells the switch NOT to use PAgP or LACP to negotiate the EtherChannel. With
this mode, both ends of the links should be configured with mode set to "ON".

To test the configuration:

On Cat-2

Cat-2#Ping 10.1.24.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms

To verify the configuration:

On Cat-2

Cat-2#Show etherchannel summary

Flags: D - down        P - in port-channel
       I - stand-alone s - suspended
       H - Hot-standby (LACP only)
       R - Layer3      S - Layer2
       U - in use      f - failed to allocate aggregator
       u - unsuitable for bundling
       w - waiting to be aggregated
       d - default port

Number of channel-groups in use: 2
Number of aggregators: 2

Group  Port-channel  Protocol  Ports
1      Po1(SU)       PAgP      Fa0/19(P) Fa0/20(P)
24     Po24(RU)      -         Fa0/21(P) Fa0/22(P)

Note: the letter "R" to the right of Po24 states that this is a layer 3 EtherChannel,






whereas the letter "S" to the right of Po1 states that the link is a layer 2
EtherChannel.

Task 34

Establish a trunk using a Cisco proprietary solution between Cat-4 and Cat-3 using ports
F0/19-20; to STP these two ports should appear as one.

The ports on Cat-4 should be configured such that they start the negotiation process by
sending LACP packets. The ports on Cat-3 should NOT be configured the same.

LACP is an industry standard (IEEE 802.3ad) solution for managing
EtherChannels between the switches. LACP offers two modes of operation:

Active: In this mode the ports are placed into an active negotiation state, in which the
ports start negotiating with other ports by sending LACP packets. An Active port will
negotiate an EtherChannel when the other end of the link is configured in either Active
or Passive mode.

Passive: In this mode the ports are placed into a passive mode, in which the ports can
ONLY respond to LACP packets that they receive. If both ends of a given link are
configured in Passive mode, the ports will NOT negotiate an EtherChannel, whereas with
Active mode configured on one side and Passive on the other, the switches will
negotiate an EtherChannel link.

On Cat-4

Cat-4(config)#int range f0/19-20
Cat-4(config-if-range)#swi trunk encap isl
Cat-4(config-if-range)#swi mode trunk
Cat-4(config-if-range)#channel-group 34 mode active
Cat-4(config-if-range)#no shut

On Cat-3

Cat-3(config)#int range F0/19-20
Cat-3(config-if-range)#swi trunk encap isl
Cat-3(config-if-range)#swi mode trunk
Cat-3(config-if-range)#channel-group 34 mode passive
Cat-3(config-if-range)#NO shut

To verify the configuration:






On Cat-3 

Cat-3#Sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Po34        on           isl            trunking      1

Port        Vlans allowed on trunk
Po34        1-4094

Port        Vlans allowed and active in management domain
Po34        1

Port        Vlans in spanning tree forwarding state and not pruned
Po34        1

Cat-3#Sh etherchannel summ

Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
34     Po34(SU)      LACP        Fa0/19(P) Fa0/20(P)



Task 35 

In the future you will be adding another 14 ports to this EtherChannel; ensure that port
F0/19 of Cat-3 and Cat-4 will be one of the ports that will be in active state first and not
standby.



Before any changes are made, the default parameters should be checked, as
follows:






Cat-3#Sh lacp 34 internal

Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group 34

                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Fa0/19    SP      bndl      32768         0x22      0x22    0xF         0x3C
Fa0/20    SP      bndl      32768         0x22      0x22    0x10        0x3C



When LACP is configured, it will try to use the maximum number of ports in a
given channel, up to a maximum of 16 ports. But only 8 ports can be active at
any time; the additional ports are placed in a hot-standby state. This decision is
made by the system; if one of the active ports goes down, one of the hot-standby
links will become active.
Every link has a unique priority which is made up of:

> LACP system priority

> System-ID (which is a combination of LACP-Priority and switch MAC address)

> LACP port priority

> Port number

A numerically lower value will always have a higher priority.

This priority decides which ports should be placed in hot-standby mode, and
which ports should be in Active mode.
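
The selection described above can be modelled in a few lines. This is an added example, not part of the workbook; it relies on the standard LACP rule that the switch with the lower system ID ranks the links using its own port priorities and port numbers. The MAC addresses, the 14 future ports Fa0/1-14 and their port numbers are constructed sample values.

```python
from dataclasses import dataclass, field

MAX_ACTIVE = 8             # links that can forward at the same time
MAX_BUNDLE = 16            # links LACP will accept into one channel-group
DEFAULT_PRIORITY = 32768   # default for both system and port priority


@dataclass
class Switch:
    name: str
    mac: str                                   # constructed sample value
    system_priority: int = DEFAULT_PRIORITY
    port_priority: dict = field(default_factory=dict)  # port -> "lacp port-priority"

    def system_id(self):
        # Lower wins: system priority first, MAC address breaks the tie.
        return (self.system_priority, int(self.mac.replace(".", ""), 16))

    def priority_of(self, port):
        return self.port_priority.get(port, DEFAULT_PRIORITY)


def select_links(sw_a, sw_b, links):
    """Return (deciding switch, {port: state}) for one channel-group.

    links is a list of (port name, LACP port number); the same name and
    number are assumed on both ends, as with Fa0/19-20 in the lab.
    """
    if len(links) > MAX_BUNDLE:
        raise ValueError(f"LACP bundles at most {MAX_BUNDLE} links")
    decider = min((sw_a, sw_b), key=Switch.system_id)
    ranked = sorted(links, key=lambda link: (decider.priority_of(link[0]), link[1]))
    states = {}
    for rank, (port, _number) in enumerate(ranked):
        # "bndl" and "hot-sby" are the state names "show lacp internal" prints.
        states[port] = "bndl" if rank < MAX_ACTIVE else "hot-sby"
    return decider.name, states


# Constructed scenario: Fa0/19 (0xF) and Fa0/20 (0x10) as in the output above,
# plus 14 hypothetical future ports Fa0/1-14 with port numbers 0x1-0xE.
LINKS = [(f"Fa0/{n}", n) for n in range(1, 15)] + [("Fa0/19", 0xF), ("Fa0/20", 0x10)]


def scenario(cat3_prio=None, cat4_prio=None):
    """Link states when 'lacp port-priority' is set for Fa0/19 on Cat-3 and/or Cat-4."""
    cat3 = Switch("Cat-3", "0000.0000.0003",
                  port_priority={"Fa0/19": cat3_prio} if cat3_prio else {})
    cat4 = Switch("Cat-4", "0000.0000.0004",
                  port_priority={"Fa0/19": cat4_prio} if cat4_prio else {})
    return select_links(cat3, cat4, LINKS)


if __name__ == "__main__":
    cases = [("defaults", {}),
             ("priority 1 on Cat-4 only", {"cat4_prio": 1}),
             ("priority 1 on both", {"cat3_prio": 1, "cat4_prio": 1})]
    for label, kwargs in cases:
        decider, states = scenario(**kwargs)
        active = [p for p, s in states.items() if s == "bndl"]
        print(f"{label}: {decider} decides, Fa0/19 is {states['Fa0/19']}, active = {active}")
```

Setting the priority only on the switch that does not make the decision leaves Fa0/19 in hot-standby, which is why the task sets it on both switches.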

On Both Switches 

(config)#int f0/19
(config-if)#lacp port-priority 1

To verify the configuration:

On Cat-3 

Cat-3#Sh lacp 34 internal

Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode

Channel group 34

                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Fa0/19    SP      bndl      1             0x22      0x22    0xF         0x3C
Fa0/20    SP      bndl      32768         0x22      0x22    0x10        0x3C



Task 36

Configure a layer 3 EtherChannel using ports F0/21-22 connecting Cat-1 to Cat-3. These
ports should use IEEE 802.3ad to negotiate an EtherChannel. Use the following IP
addresses:

Cat-1 - 10.1.13.1/24 and Cat-3 - 10.1.13.3/24



On Cat-1

Cat-1(config)#int port-channel 13
Cat-1(config-if)#no swi
Cat-1(config-if)#ip addr 10.1.13.1 255.255.255.0

Cat-1(config-if)#int range f0/21-22
Cat-1(config-if-range)#no swi
Cat-1(config-if-range)#channel-group 13 mode passive
Cat-1(config-if-range)#no shut

On Cat-3

Cat-3(config)#int port-channel 13
Cat-3(config-if)#no swi
Cat-3(config-if)#ip address 10.1.13.3 255.255.255.0

Cat-3(config-if)#int range f0/21-22
Cat-3(config-if-range)#no swi
Cat-3(config-if-range)#channel-group 13 mode active
Cat-3(config-if-range)#no shut

To verify the configuration:

On Cat-1

Cat-1#Ping 10.1.13.3








Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms



Task 37

Erase the config.text and vlan.dat files and reload the switches before proceeding to the
next task.



On All Switches:

Cat-1#pwd

This command displays the current working directory

flash:

#delete config.text
Delete filename [config.text]?
Delete flash:config.text? [confirm]

#delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]

Cat-1#dir
Directory of flash:/

    4  -rwx     7252875   Mar 1 1993 00:03:37 -00:00  c3560-advipservicesk9-mz.122-25.SEB4.bin
    5  drwx         192   Mar 1 1993 00:05:36 -00:00  c3560-ipbase-mz.122-25.SEB4

15998976 bytes total (1731072 bytes free)



Task 38 

Configure a trunk between Cat-1 and Cat-2 using ports F0/19-20; use a Cisco proprietary
trunking solution to accomplish this task. You should shut down ports F0/21-24 on both
Cat-1 and Cat-2.














On Both Switches: 

(config)#int range f0/19-20
(config-if-range)#swi trunk encap isl
(config-if-range)#swi mode trunk

(config)#int range F0/21-24
(config-if-range)#shut






Task 39 

Configure R1 and R2 based on the following parameters and ensure that the following
ports are in VLAN 12:

R1's F0/0 - 10.1.12.1/24 and R2's F0/1 - 10.1.12.2/24






On R1

R1(config)#int f0/0
R1(config-if)#ip addr 10.1.12.1 255.255.255.0
R1(config-if)#no shut

On R2

R2(config)#int f0/1
R2(config-if)#ip addr 10.1.12.2 255.255.255.0
R2(config-if)#no shut

On Cat-1

Cat-1(config)#vtp domain TST

Cat-1(config)#int f0/1
Cat-1(config-if)#swi mode acc
Cat-1(config-if)#swi acc v 12
Cat-1(config-if)#spanning portfast

On Cat-2

Cat-2(config)#int f0/2
Cat-2(config-if)#swi mode acc
Cat-2(config-if)#swi acc v 12
Cat-2(config-if)#spanning portfast

To test the configuration:

On R1

R1#Ping 10.1.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms



Task 40

Configure Cat-1 such that it marks all traffic from R1 with an IP Precedence of 1.



On Cat-1

Cat-1(config)#mls qos

QOS should be enabled; if QOS is NOT enabled, the policy will NOT have any effect.

Cat-1(config)#access-list 100 permit ip any any

Cat-1(config)#class-map QOS
Cat-1(config-cmap)#match access-group 100

Cat-1(config-cmap)#policy-map TST
Cat-1(config-pmap)#class QOS
Cat-1(config-pmap-c)#set ip precedence 1

Cat-1(config-pmap-c)#int f0/1
Cat-1(config-if)#service-policy input TST

Note: on 3560s there are a few things that are NOT supported, and they are:

Service-policy is NOT supported in the outbound direction; you should receive the
following message:

Warning: Assigning a policy map to the output side of an interface not supported

In the class-map the "input-interface" can NOT be used; if it is used you will get the
following message when applying the "service-policy" to an interface:

%QoS: policy-map TST with MATCH INPUT-INTERFACE not allowed on non-SVI interface
Service Policy attachment failed

To verify the configuration: 



On Cat-1

Cat-1#Sh class-map

Class Map match-any class-default (id 0)
  Match any

Class Map match-all QOS (id 1)
  Match access-group 100

Cat-1#Show access-list

Extended IP access list 100
    10 permit ip any any

Cat-1#Show policy-map

Policy Map TST
  Class QOS
    set ip precedence 1

To test the configuration:

To test the configuration, an access-list should be created permitting each IP Precedence
value with a log option. This is created so we can test different traffic marked with different
IP Precedence levels generated by R1.

On R2

R2(config)#access-list 100 permit ip any any Precedence 0 log
R2(config)#access-list 100 permit ip any any Precedence 1 log
R2(config)#access-list 100 permit ip any any Precedence 2 log
R2(config)#access-list 100 permit ip any any Precedence 3 log
R2(config)#access-list 100 permit ip any any Precedence 4 log
R2(config)#access-list 100 permit ip any any Precedence 5 log
R2(config)#access-list 100 permit ip any any Precedence 6 log
R2(config)#access-list 100 permit ip any any Precedence 7 log
R2(config)#access-list 100 permit ip any any log

R2(config)#int f0/1
R2(config-if)#ip access-group 100 in



To test the configuration:

Generate traffic from R1:

On R1

R1#Ping 10.1.12.2 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 1/2/4 ms

On R2

R2#Sh ip access-list 100

Extended IP access list 100
    10 permit ip any any precedence routine log
    20 permit ip any any precedence priority log (10 matches)
    30 permit ip any any precedence immediate log
    40 permit ip any any precedence flash log
    50 permit ip any any precedence flash-override log
    60 permit ip any any precedence critical log
    70 permit ip any any precedence internet log
    80 permit ip any any precedence network log
    90 permit ip any any log

Note the 10 ICMP packets matched IP Precedence 1. The reason that the packets inbound
to R1 have preserved their marking is because the QOS on the second switch (Cat-2) is
disabled. If "MLS QOS" is disabled, the packets will traverse through the switch with
their marking untouched. If "MLS QOS" is enabled, the switch will remark all packets
with IP Precedence of 0. To test this, the QOS of the second switch should be enabled as
follows:

On Cat-2 

Cat-2(config)#Mls qos

To verify the configuration:

On Cat-2

Cat-2#Show mls qos

QoS is enabled
QoS ip packet dscp rewrite is enabled

To generate some traffic on R1: ... Note 10 pings are initiated

R1#Ping 10.1.12.2 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 1/1/4 ms

To verify the configuration:

On R2

R2#Sh access-list

Extended IP access list 100
    10 permit ip any any precedence routine log (10 matches)
    20 permit ip any any precedence priority log (10 matches)
    30 permit ip any any precedence immediate log
    40 permit ip any any precedence flash log
    50 permit ip any any precedence flash-override log
    60 permit ip any any precedence critical log
    70 permit ip any any precedence internet log
    80 permit ip any any precedence network log
    90 permit ip any any log

Note when traffic from R1 traversed through Cat-1, Cat-1 remarked the traffic with IP
Precedence of 1, but because QOS was enabled on another switch along the path to R2, in
this case Cat-2, when the traffic traversed that switch, the switch remarked the traffic back
to zero.



Task 41 

Ensure that the traffic from R1 retains its Precedence level; DO NOT disable QOS on
Cat-2.



On Cat-2

Cat-2(config)#int range f0/19-20
Cat-2(config-if-range)#mls qos trust ip-precedence

The above command shows how to set the trusted state of an interface to IP
precedence

To test the configuration:

On R2

R2#Clear access-list counters

On R1

R1#Ping 10.1.12.2 repeat 25

Type escape sequence to abort.
Sending 25, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (25/25), round-trip min/avg/max = 1/1/4 ms

On R2

R2#Sh access-list

Extended IP access list 100
    10 permit ip any any precedence routine log
    20 permit ip any any precedence priority log (25 matches)
    30 permit ip any any precedence immediate log
    40 permit ip any any precedence flash log
    50 permit ip any any precedence flash-override log
    60 permit ip any any precedence critical log
    70 permit ip any any precedence internet log
    80 permit ip any any precedence network log
    90 permit ip any any log

Note the IP Precedence level is retained.






Task 42 

Configure R3 and R4 in VLAN 34 and R5 and R6 in VLAN 56; use the following IP
addresses to configure these routers.

R3's F0/0 - 10.1.34.3/24 and R4's F0/1 - 10.1.34.4/24
R5's F0/0 - 10.1.56.5/24 and R6's F0/1 - 10.1.56.6/24

You should provide Inter-VLAN routing between these two VLANs and Vlan 12; use
the following IP addresses as their default gateway:
For Vlan 12 - 10.1.12.100/24
For Vlan 34 - 10.1.34.100/24
For Vlan 56 - 10.1.56.100/24






On R3

R3(config)#int f0/0
R3(config-if)#ip addr 10.1.34.3 255.255.255.0
R3(config-if)#no shut

On R4

R4(config)#int f0/1
R4(config-if)#ip address 10.1.34.4 255.255.255.0
R4(config-if)#no shut

On R5

R5(config)#int f0/0
R5(config-if)#ip addr 10.1.56.5 255.255.255.0
R5(config-if)#no shut

On R6

R6(config)#int f0/1
R6(config-if)#ip address 10.1.56.6 255.255.255.0
R6(config-if)#no shut

On Cat-1

Cat-1(config)#int f0/3
Cat-1(config-if)#Switchport mode access
Cat-1(config-if)#switchport access vlan 34
Cat-1(config-if)#spanning portfast

Cat-1(config)#int f0/5
Cat-1(config-if)#Switchport mode access
Cat-1(config-if)#switchport access vlan 56
Cat-1(config-if)#spanning portfast

On Cat-2

Cat-2(config)#int f0/4
Cat-2(config-if)#swi mode access
Cat-2(config-if)#swi access vlan 34
Cat-2(config-if)#spanning portfast

Cat-2(config)#int f0/6
Cat-2(config-if)#swi mode access
Cat-2(config-if)#swi access vlan 56
Cat-2(config-if)#spanning portfast

To provide Inter-Vlan routing:

On Cat-2

Cat-2(config)#ip routing

Cat-2(config)#int vlan 12
Cat-2(config-if)#ip address 10.1.12.100 255.255.255.0

Cat-2(config)#int vlan 34
Cat-2(config-if)#ip addr 10.1.34.100 255.255.255.0

Cat-2(config)#int vlan 56
Cat-2(config-if)#ip addr 10.1.56.100 255.255.255.0






On R1 and R2

(config)#ip route 0.0.0.0 0.0.0.0 10.1.12.100

On R3 and R4

(config)#ip route 0.0.0.0 0.0.0.0 10.1.34.100

On R5 and R6

(config)#ip route 0.0.0.0 0.0.0.0 10.1.56.100

To test the configuration:

On R1

R1#Ping 10.1.34.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.34.3, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R1#Ping 10.1.34.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.34.4, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

R1#Ping 10.1.56.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.56.5, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#Ping 10.1.56.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.56.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms






Task 43

Ensure that the traffic in VLAN 12 is marked with Precedence 3 and the traffic in VLAN
34 is marked with Precedence 4. All other traffic should be set to Precedence 0.



To configure this task, two class-maps are created, one called VLAN-12 and the
second one called VLAN-34; then two policy-maps are created, one called VLAN-12
and the second one called VLAN-34; then the policy-map VLAN-12 is applied to
interface Vlan 12 and policy-map VLAN-34 is applied to interface Vlan 34; lastly, the
"mls qos vlan-based" command is applied to the physical interfaces in the trunk.

On Cat-2 

Cat-2(config)#access-list 100 permit ip any any

Cat-2(config)#class-map VLAN-12
Cat-2(config-cmap)#match access-group 100

Cat-2(config)#Policy-map VLAN-12
Cat-2(config-pmap)#class VLAN-12
Cat-2(config-pmap-c)#set ip precedence 3

Cat-2(config)#Class-map VLAN-34
Cat-2(config-cmap)#match access-group 100

Cat-2(config)#Policy-map VLAN-34
Cat-2(config-pmap)#Class VLAN-34
Cat-2(config-pmap-c)#set ip precedence 4

Cat-2(config)#interface Vlan 12
Cat-2(config-if)#service-policy in VLAN-12

Cat-2(config)#interface vlan 34
Cat-2(config-if)#service-policy in VLAN-34

Cat-2(config)#int range f0/19-20
Cat-2(config-if-range)#mls qos vlan-based

To test the configuration:

On R2

R2#Clear access-list counters

This command is entered to clear the counters on the configured access-list

On R1

R1#Ping 10.1.12.2 repeat 12

Type escape sequence to abort.
Sending 12, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!!!!!!!!
Success rate is 100 percent (12/12), round-trip min/avg/max = 1/2/4 ms

The above Ping is repeated 12 times so it could be identified as traffic coming from
VLAN 12

On R3

R3#Ping 10.1.12.2 repeat 34

Type escape sequence to abort.
Sending 34, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (34/34), round-trip min/avg/max = 1/2/4 ms

The above Ping is repeated 34 times so it could be identified as traffic coming from
VLAN 34

On R5

R5#Ping 10.1.12.2 repeat 56

Type escape sequence to abort.
Sending 56, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (56/56), round-trip min/avg/max = 1/1/4 ms

The above Ping is repeated 56 times so it could be identified as traffic coming from
VLAN 56



To verify the configuration:

On R2

R2#Sh access-list

Extended IP access list 100
    10 permit ip any any precedence routine log (56 matches)          <- Untagged traffic (VLAN 56)
    20 permit ip any any precedence priority log
    30 permit ip any any precedence immediate log
    40 permit ip any any precedence flash log (12 matches)            <- Traffic from VLAN 12 tagged with IP Precedence 3
    50 permit ip any any precedence flash-override log (34 matches)   <- Traffic from VLAN 34 tagged with IP Precedence 4
    60 permit ip any any precedence critical log
    70 permit ip any any precedence internet log
    80 permit ip any any precedence network log
    90 permit ip any any log
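
The counter check used throughout Tasks 40-43 can be scripted. The following is an added example, not part of the workbook: it parses "show access-list" output, maps each precedence keyword to its numeric value, and compares the counters with the number of pings each VLAN sent. The second sample output is constructed to show what an unmarked path would look like.

```python
import re

# IOS keyword for each IP Precedence value, as printed by "show access-list".
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2, "flash": 3,
              "flash-override": 4, "critical": 5, "internet": 6, "network": 7}

ACE = re.compile(
    r"^\s*(?P<seq>\d+)\s+permit ip any any"
    r"(?:\s+precedence\s+(?P<name>\S+))?"
    r"\s+log"
    r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)


def precedence_hits(show_output):
    """Map IP Precedence value -> packets counted; the catch-all entry is key None."""
    hits = {}
    for line in show_output.splitlines():
        m = ACE.match(line)
        if not m:
            continue                      # header, prompt or blank line
        name = m.group("name")
        if name is not None and name not in PRECEDENCE:
            raise ValueError(f"unknown precedence keyword: {name}")
        key = PRECEDENCE[name] if name else None
        hits[key] = hits.get(key, 0) + int(m.group("hits") or 0)
    return hits


def audit(hits, expected):
    """Compare counters with {precedence: packets sent}; return the mismatches."""
    problems = []
    for prec in range(8):
        want, got = expected.get(prec, 0), hits.get(prec, 0)
        if want != got:
            problems.append(f"precedence {prec}: expected {want} packets, counted {got}")
    return problems


# Ping counts double as a fingerprint of the source VLAN (Task 43).
EXPECTED = {3: 12, 4: 34, 0: 56}

# Output from the verification step above.
TASK43_OUTPUT = """\
Extended IP access list 100
    10 permit ip any any precedence routine log (56 matches)
    20 permit ip any any precedence priority log
    30 permit ip any any precedence immediate log
    40 permit ip any any precedence flash log (12 matches)
    50 permit ip any any precedence flash-override log (34 matches)
    60 permit ip any any precedence critical log
    70 permit ip any any precedence internet log
    80 permit ip any any precedence network log
    90 permit ip any any log
"""

# Constructed sample: every packet arrives with precedence 0.
UNMARKED_OUTPUT = """\
Extended IP access list 100
    10 permit ip any any precedence routine log (102 matches)
    20 permit ip any any precedence priority log
    30 permit ip any any precedence immediate log
    40 permit ip any any precedence flash log
    50 permit ip any any precedence flash-override log
    60 permit ip any any precedence critical log
    70 permit ip any any precedence internet log
    80 permit ip any any precedence network log
    90 permit ip any any log
"""

if __name__ == "__main__":
    for label, text in [("task 43", TASK43_OUTPUT), ("unmarked", UNMARKED_OUTPUT)]:
        print(label, audit(precedence_hits(text), EXPECTED) or "markings as expected")
```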



Task 44 

Erase the config.text and vlan.dat and reload the switches before proceeding to the next
lab.






Lab 5 - Advanced Spanning-tree Protocol Configuration

[Figure: lab topology diagram; surviving link labels: F0/19-20, F0/19-20]



Task 1

Shut down all ports except ports F0/19-22 on all switches.

On All Switches:

(config)#Interface range F0/1-18 , F0/23-24
(config-if-range)#Shutdown

To verify the configuration:

On All Switches:




Port      Name   Status       Vlan    Duplex  Speed  Type
Fa0/1            disabled     1       auto    auto   10/100BaseTX
Fa0/2            disabled     1       auto    auto   10/100BaseTX
Fa0/3            disabled     1       auto    auto   10/100BaseTX
Fa0/4            disabled     1       auto    auto   10/100BaseTX
Fa0/5            disabled     1       auto    auto   10/100BaseTX
Fa0/6            disabled     1       auto    auto   10/100BaseTX
Fa0/7            disabled     1       auto    auto   10/100BaseTX
Fa0/8            disabled     1       auto    auto   10/100BaseTX
Fa0/9            disabled     1       auto    auto   10/100BaseTX
Fa0/10           disabled     1       auto    auto   10/100BaseTX
Fa0/11           disabled     1       auto    auto   10/100BaseTX
Fa0/12           disabled     1       auto    auto   10/100BaseTX
Fa0/13           disabled     1       auto    auto   10/100BaseTX
Fa0/14           disabled     1       auto    auto   10/100BaseTX
Fa0/15           disabled     1       auto    auto   10/100BaseTX
Fa0/16           disabled     1       auto    auto   10/100BaseTX
Fa0/17           disabled     1       auto    auto   10/100BaseTX
Fa0/18           disabled     1       auto    auto   10/100BaseTX
Fa0/19           connected    1       a-full  a-100  10/100BaseTX
Fa0/20           connected    1       a-full  a-100  10/100BaseTX
Fa0/21           connected    trunk   a-full  a-100  10/100BaseTX
Fa0/22           connected    trunk   a-full  a-100  10/100BaseTX
Fa0/23           disabled     1       auto    auto   10/100BaseTX
Fa0/24           disabled     1       auto    auto   10/100BaseTX






Task 2 




Configure ports F0/19-20 between SW-1 and SW-2, and between SW-3 and SW-4, as two
trunk ports; you should use an industry standard protocol to accomplish this task. These
ports should never become an access port through negotiation.






On SW-1 and SW-2

(config)#int range f0/19-20
(config-if-range)#Switch trunk encap dot1q
(config-if-range)#Switch mode trunk

To verify the configuration:

On SW-1

SW-1#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
(The rest of the output is omitted)

On SW-2

SW-2#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
(The rest of the output is omitted)

On SW-3 and SW-4

(config)#int range f0/19-20
(config-if-range)#Switch trunk encap dot1q
(config-if-range)#Switch mode trunk

To verify the configuration:

On SW-3

SW-3#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
(The rest of the output is omitted)

On SW-4

SW-4#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
(The rest of the output is omitted)






Task 3 

Configure ports F0/21-22 between SW-2 and SW-4, and between SW-1 and SW-3, as two
trunk ports; you should use an industry standard protocol to accomplish this task. These
ports should never become an access port through negotiation.



On SW-2 and SW-4

(config)#int range f0/21-22
(config-if-range)#Switch trunk encap dot1q
(config-if-range)#Switch mode trunk

To verify the configuration:

On SW-4

SW-4#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
Fa0/21    on     802.1q         trunking   1
Fa0/22    on     802.1q         trunking   1
(The rest of the output is omitted)

On SW-2

SW-2#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
Fa0/21    on     802.1q         trunking   1
Fa0/22    on     802.1q         trunking   1
(The rest of the output is omitted)

On SW-1 and SW-3

(config)#int range f0/21-22
(config-if-range)#Switch trunk encap dot1q
(config-if-range)#Switch mode trunk

To verify the configuration:






On SW-1

SW-1#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
Fa0/21    on     802.1q         trunking   1
Fa0/22    on     802.1q         trunking   1
(The rest of the output is omitted)

On SW-3

SW-3#Show int trunk

Port      Mode   Encapsulation  Status     Native vlan
Fa0/19    on     802.1q         trunking   1
Fa0/20    on     802.1q         trunking   1
Fa0/21    on     802.1q         trunking   1
Fa0/22    on     802.1q         trunking   1
(The rest of the output is omitted)







Task 4 

These switches should be configured in a VTP domain called "CCIE"



On SW-1

(config)#vtp domain CCIE

This configuration will be propagated via VTP to the other switches.

To verify the configuration:

On SW-3

SW-3#Show vtp status | inc VTP Domain Name
VTP Domain Name                 : CCIE

Note the domain name is propagated by VTP



Task 5 

Create the following VLANs and ensure that they are propagated to all four switches:
100, 200, 300, 400, 500 and 600



On SW-1

SW-1(config)#vlan 100,200,300,400,500,600
SW-1(config-vlan)#exit

To verify the configuration:

On SW-1

SW-1#Sh vlan br | exc unsup

VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/23, Fa0/24
                                    Gi0/1, Gi0/2
100  VLAN0100             active
200  VLAN0200             active
300  VLAN0300             active
400  VLAN0400             active
500  VLAN0500             active
600  VLAN0600             active


On SW-4

SW-4#Sh vlan br | exc unsup

VLAN Name                 Status    Ports
1    default              active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                    Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                    Fa0/17, Fa0/18, Fa0/23, Fa0/24
                                    Gi0/1, Gi0/2
100  VLAN0100             active
200  VLAN0200             active
300  VLAN0300             active
400  VLAN0400             active
500  VLAN0500             active
600  VLAN0600             active



Task 6 

Ensure that SW-1 is the root bridge for VLAN 100, SW-2 is the root bridge for VLAN
200, SW-3 is the root bridge for VLAN 300 and SW-4 is the root bridge for VLAN 400.
You should use a macro to accomplish this task.



On SW-1

SW-1(config)#spanning-tree vlan 100 root primary

On SW-2

SW-2(config)#Spanning-tree vlan 200 root primary

On SW-3

SW-3(config)#Spanning-tree vlan 300 root primary

On SW-4

SW-4(config)#Spanning-tree vlan 400 root primary

To verify the configuration:

On SW-1

SW-1#Sh spanning-tree VLAN 100






VLAN0100
  Spanning tree enabled protocol ieee
  Root ID    Priority    24676
             Address     001b.2be5.0e00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24676  (priority 24576 sys-id-ext 100)
             Address     001b.2be5.0e00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Desg FWD 19        128.21   P2p
Fa0/20           Desg FWD 19        128.22   P2p
Fa0/21           Desg FWD 19        128.23   P2p
Fa0/22           Desg FWD 19        128.24   P2p

On SW-2

SW-2#Sh spanning-tree VLAN 200

VLAN0200
  Spanning tree enabled protocol ieee
  Root ID    Priority    24776
             Address     001c.575f.fd00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24776  (priority 24576 sys-id-ext 200)
             Address     001c.575f.fd00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Desg FWD 19        128.21   P2p
Fa0/20           Desg FWD 19        128.22   P2p
Fa0/21           Desg FWD 19        128.23   P2p
Fa0/22           Desg FWD 19        128.24   P2p

On SW-3

SW-3#Sh spanning-tree VLAN 300

VLAN0300
  Spanning tree enabled protocol ieee
  Root ID    Priority    24876
             Address     (HP0d.6sen.3l80       <- Note this matches the MAC of this Switch
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24876  (priority 24576 sys-id-ext 300)
             Address     (HP0d.6sen.3l80
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Desg FWD 19        128.21   P2p
Fa0/20           Desg FWD 19        128.22   P2p
Fa0/21           Desg FWD 19        128.23   P2p
Fa0/22           Desg FWD 19        128.24   P2p

On SW-4

SW-4#Sh spanning-tree VLAN 400

VLAN0400
  Spanning tree enabled protocol ieee
  Root ID    Priority    24976
             Address     000d.65c1.9200
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    24976  (priority 24576 sys-id-ext 400)
             Address     000d.65c1.9200
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Desg FWD 19        128.21   P2p
Fa0/20           Desg FWD 19        128.22   P2p
Fa0/21           Desg FWD 19        128.23   P2p
Fa0/22           Desg FWD 19        128.24   P2p






Task 7 

Implement the following policy:

1. VLAN 100 should never traverse SW-4

2. VLAN 200 should never traverse SW-3

3. VLAN 300 should never traverse SW-2

4. VLAN 400 should never traverse SW-1



The first Policy

On SW-2

SW-2(config)#int range f0/21-22
SW-2(config-if-range)#switchport trunk allowed vlan except 100

On SW-3

SW-3(config)#int range f0/19-20
SW-3(config-if-range)#switchport trunk allowed vlan except 100

On SW-4

SW-4(config)#int range f0/19-22
SW-4(config-if-range)#switchport trunk allowed vlan except 100

To vL-rifv thL- i-onfiauration: 



On SW 


_2 


SW-2#Sli 


int trunk 


Port 


Mode 


FaO.. 1 9 


on 


FaO/20 


o n 


FaO 2 1 


i.i n 


FaO 22 


on 



Encapsulation Status Native vlan 

802. lq trunk ing I 

802. I q trunk ing 1 

802. 1 q trunking 1 

802. lq trunking 1 

Port Vlans alb wed on trunk 

FaO 19 1-4094 

Fa0/20 1-4094 

FaO/21 l-99 s l 1-4094 <^_^- Note VLAN 1 00 is NOT allowed on the 

FaO/22 1-99,101-4094 * trunk 



CCIE R&S by Narbik Kucharians Advanced CC1E R&S Work Book 2.0 Page 19? of 1068 

C.2009 Virbik Kuchiriini. All rij;liU reserved 



Port        Vlans allowed and active in management domain
Fa0/19      1,100,200,300,400,500,600
Fa0/20      1,100,200,300,400,500,600
Fa0/21      1,200,300,400,500,600
Fa0/22      1,200,300,400,500,600

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,100,200,400,500,600
Fa0/20      1,200,400,500,600
Fa0/21      1,200,300,400,500,600

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/22      200

On SW-3

SW-3#Show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-99,101-4094      <-- Note VLAN 100 is NOT allowed on the trunk
Fa0/20      1-99,101-4094
Fa0/21      1-4094
Fa0/22      1-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,200,300,400,500,600
Fa0/20      1,200,300,400,500,600
Fa0/21      1,100,200,300,400,500,600
Fa0/22      1,100,200,300,400,500,600

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,200,300,400,500,600
Fa0/20      300
Fa0/21      1,100,300,400,500,600

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/22      1,300,400,500,600
















On SW-4

SW-4#Sho int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-99,101-4094
Fa0/20      1-99,101-4094
Fa0/21      1-99,101-4094
Fa0/22      1-99,101-4094

Port        Vlans allowed and active in management domain
Fa0/19      1,200,300,400,500,600
Fa0/20      1,200,300,400,500,600
Fa0/21      1,200,300,400,500,600
Fa0/22      1,200,300,400,500,600

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/19      1,300,400,500,600
Fa0/20      1,400,500,600
Fa0/21      1,200,300,400,500,600

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/22      1,300,400,500,600

Note VLAN 100 is NOT allowed on the trunk.








The second policy:

On SW-1

SW-1(config)#int range f0/21-22
SW-1(config-if-range)#Switch trunk allowed vlan except 200

To verify the configuration:

On SW-1

SW-1#Sh int trunk









Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-4094
Fa0/20      1-4094
Fa0/21      1-199,201-4094
Fa0/22      1-199,201-4094

Note VLAN 200 is NOT allowed to traverse the trunk links connecting this switch to
SW-3




On SW-4

SW-4(config)#int range f0/19-20
SW-4(config-if-range)#Switch trunk allowed vlan except 100,200

To verify the configuration:

On SW-4

SW-4#Sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-99,101-199,201-4094
Fa0/20      1-99,101-199,201-4094
Fa0/21      1-99,101-4094
Fa0/22      1-99,101-4094

Note VLAN 200 is NOT allowed on the trunk ports connecting this switch to SW-3


On SW-3

The following configuration on ports F0/19-20 has to be reconfigured to deny
VLAN 100 again, or else the command for VLAN 200 will override the previous
configuration that was denying VLAN 100.

SW-3(config)#int range f0/19-20
SW-3(config-if-range)#switchport trunk allowed vlan except 100,200

SW-3(config)#int range f0/21-22
SW-3(config-if-range)#switchport trunk allowed vlan except 200
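
The override described above is the usual way a VLAN that was pruned for isolation ends up back on a trunk. The following is an added example, not part of the workbook: a small Python model of "switchport trunk allowed vlan except" together with a parser for the "Vlans allowed on trunk" column, used to check SW-3 ports F0/19-20 against policies 1 and 2. The function names are hypothetical; the VLAN numbers and ports are the ones on this page.

```python
"""Model of 'switchport trunk allowed vlan except' and an audit of 'show int trunk' rows."""

VLAN_MIN, VLAN_MAX = 1, 4094


def allowed_after_except(excluded):
    """Allowed set after 'switchport trunk allowed vlan except <list>'.

    The keyword form replaces the whole allowed list: the result is always
    1-4094 minus the VLANs named in THIS command, whatever was set before.
    """
    bad = [v for v in excluded if not VLAN_MIN <= v <= VLAN_MAX]
    if bad:
        raise ValueError(f"VLAN id out of range: {bad}")
    return set(range(VLAN_MIN, VLAN_MAX + 1)) - set(excluded)


def format_ranges(vlans):
    """Render a VLAN set the way the 'Vlans allowed on trunk' column does."""
    runs, run = [], []
    for v in sorted(vlans):
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            runs.append(run)
        run = [v]
    if run:
        runs.append(run)
    return ",".join(str(r[0]) if len(r) == 1 else f"{r[0]}-{r[-1]}" for r in runs)


def parse_ranges(text):
    """Parse a string such as '1-99,101-199,201-4094' into a set of VLAN ids."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not VLAN_MIN <= lo <= hi <= VLAN_MAX:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def audit(rows, forbidden):
    """Return (port, vlan) pairs where a forbidden VLAN is still allowed.

    rows:      {port: allowed-range string taken from 'show int trunk'}
    forbidden: {port: set of VLANs that must not cross that trunk}
    """
    findings = []
    for port, text in rows.items():
        allowed = parse_ranges(text)
        for vlan in sorted(forbidden.get(port, set()) & allowed):
            findings.append((port, vlan))
    return findings


# SW-3 ports F0/19-20: policy 1 removed VLAN 100 from them.
step1 = allowed_after_except([100])
# Policy 2 entered as 'except 200' alone: VLAN 100 is silently allowed again.
step2_wrong = allowed_after_except([200])
# Policy 2 entered the way the page does it: 'except 100,200'.
step2_right = allowed_after_except([100, 200])

# Policy for these two ports, and the rows 'show int trunk' would print
# for each variant (constructed from the model, not captured output).
SW3_POLICY = {"Fa0/19": {100, 200}, "Fa0/20": {100, 200}}
rows_wrong = {port: format_ranges(step2_wrong) for port in SW3_POLICY}
rows_right = {port: format_ranges(step2_right) for port in SW3_POLICY}

if __name__ == "__main__":
    print("except 200 only :", rows_wrong["Fa0/19"], audit(rows_wrong, SW3_POLICY))
    print("except 100,200  :", rows_right["Fa0/19"], audit(rows_right, SW3_POLICY))
```
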


The third policy:

On SW-2

SW-2(config-if-range)#int range f0/21-22
SW-2(config-if-range)#swi trunk allowed vlan except 100,300

SW-2(config-if-range)#int range f0/19-20
SW-2(config-if-range)#swi trunk allowed vlan except 300

To verify the configuration:

On SW-2

SW-2#Sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-299,301-4094
Fa0/20      1-299,301-4094
Fa0/21      1-99,101-299,301-4094
Fa0/22      1-99,101-299,301-4094






Note the above output shows that on ports F0/19-20 ONLY VLAN 300 is denied,
whereas on ports F0/21-22, VLANs 100 and 300 are denied.

On SW-4

SW-4(config)#int range f0/21-22
SW-4(config-if-range)#swi trunk allowed vlan except 100,300






To verify the configuration: 

On SW-4 

SW-4#Sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-99,101-199,201-4094
Fa0/20      1-99,101-199,201-4094
Fa0/21      1-99,101-299,301-4094
Fa0/22      1-99,101-299,301-4094

Note SW-4 denies VLANs 100 and 200 on ports F0/19-20, whereas VLANs 100 and
300 are denied on ports F0/21-22.

On SW-1

SW-1(config)#int range f0/19-20
SW-1(config-if-range)#Switch trunk allowed vlan except 300

To verify the configuration:

On SW-1

SW-1#Sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-299,301-4094
Fa0/20      1-299,301-4094
Fa0/21      1-199,201-4094
Fa0/22      1-199,201-4094










Note VLAN 200 is denied on ports F0/21-22, whereas VLAN 300 is denied on ports
F0/19-20


The fourth policy:

On SW-1

SW-1(config)#int range F0/19-20
SW-1(config-if-range)#swi trunk allowed vlan except 300,400

SW-1(config)#int range f0/21-22
SW-1(config-if-range)#swi trunk allowed vlan except 200,400

To verify the configuration:

On SW-1

SW-1#Show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-299,301-399,401-4094
Fa0/20      1-299,301-399,401-4094
Fa0/21      1-199,201-399,401-4094
Fa0/22      1-199,201-399,401-4094

Note VLANs 300 and 400 are both denied on ports F0/19-20, whereas VLANs 200
and 400 are denied on ports F0/21-22.

On SW-2

SW-2(config)#int range f0/19-20
SW-2(config-if-range)#swi trunk allowed vlan except 300,400

To verify the configuration:

On SW-2














SW-2#Sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-299,301-399,401-4094
Fa0/20      1-299,301-399,401-4094
Fa0/21      1-99,101-299,301-4094
Fa0/22      1-99,101-299,301-4094

Note VLANs 300 and 400 are denied on ports F0/19-20, whereas VLANs 100 and
300 are denied on ports F0/21-22.

On SW-3

SW-3(config)#int range f0/21-22
SW-3(config-if-range)#swi trunk allowed vlan except 200,400

To verify the configuration:

On SW-3

SW-3#Show int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/19      on           802.1q         trunking      1
Fa0/20      on           802.1q         trunking      1
Fa0/21      on           802.1q         trunking      1
Fa0/22      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/19      1-99,101-199,201-4094
Fa0/20      1-99,101-199,201-4094
Fa0/21      1-199,201-399,401-4094
Fa0/22      1-199,201-399,401-4094

Note VLANs 100 and 200 are both denied on ports F0/19-20, whereas VLANs 200
and 400 are denied on ports F0/21-22.






Task 8 



Configure SW-1 such that it's the root bridge for VLAN 500; if this switch goes down,
SW-2 should become the root bridge for this VLAN.

On SW-1

SW-1(config)#Spanning-tree vlan 500 root primary

On SW-2

SW-2(config)#Spanning-tree vlan 500 root secondary

To verify the configuration:

On SW-1

SW-1#Sh spanning-tree vlan 500

VLAN0500
  Spanning tree enabled protocol ieee
  Root ID    Priority    25076
             Address     001b.2be5.0e00
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    25076  (priority 24576 sys-id-ext 500)
             Address     001b.2be5.0e00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
(The rest of the output is omitted)

On SW-2

SW-2#Sh spanning-tree vlan 500

VLAN0500
  Spanning tree enabled protocol ieee
  Root ID    Priority    25076
             Address     001b.2be5.0e00
             Cost        19
             Port        21 (FastEthernet0/19)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec







  Bridge ID  Priority    29172  (priority 28672 sys-id-ext 500)
             Address     001c.575f.fd00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300
(The rest of the output is omitted)















Task 9 

Ensure that the traffic from SW-2 for VLAN 500 uses ports F0/19 or F0/20 ONLY if the
path through SW-4 to SW-3 to SW-1 is NOT possible due to a link being down.

On SW-2

SW-2#Sh spanning-tree vlan 500

VLAN0500
  Spanning tree enabled protocol ieee
  Root ID    Priority    25076
             Address     001b.2be5.0e00
             Cost        19
             Port        21 (FastEthernet0/19)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    29172  (priority 28672 sys-id-ext 500)
             Address     001c.575f.fd00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Root FWD 19        128.21   P2p
Fa0/20           Altn BLK 19        128.22   P2p
Fa0/21           Desg FWD 19        128.23   P2p
Fa0/22           Desg FWD 19        128.24   P2p

Note SW-2 is taking port F0/19 to get to the root bridge for VLAN 500, and its root
cost is 19, which is the cost of a 100 Mbps link. If these ports are shut down, you
should see the cost of the local switch (SW-2) to the root bridge; it should be as
follows:

The cost of the link from SW-2 to SW-4, which is 19 +






The cost of the link from SW-4 to SW-3, which is 19 +
The cost of the link from SW-3 to SW-1, which is also 19
The total equals 57. To reveal this information:

On SW-2

SW-2(config)#int range f0/19-20
SW-2(config-if-range)#Shut

To see the effect:

SW-2(config-if-range)#do sh spanning-tree vlan 500

VLAN0500
  Spanning tree enabled protocol ieee
  Root ID    Priority    25076
             Address     001b.2be5.0e00
             Cost        57
             Port        23 (FastEthernet0/21)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    29172  (priority 28672 sys-id-ext 500)
             Address     001c.575f.fd00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 15

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/21           Root FWD 19        128.23   P2p
Fa0/22           Altn BLK 19        128.24   P2p

Note it is taking the path toward SW-4 using port F0/21. If this is traced all the
way back to SW-1 you will see that the path from SW-2's perspective is through
SW-4 to SW-3 to SW-1.

To configure this task, you should "no Shutdown" ports F0/19-20 first.

On SW-2

SW-2(config)#int range f0/19-20
SW-2(config-if-range)#No Shut
SW-2(config-if-range)#Spanning-tree vlan 500 cost 58






Note the above command sets the cost through ports F0/19-20 higher than 57, and as
a result of that, the traffic for VLAN 500 will traverse the alternate path,
which is to SW-4 to SW-3 to SW-1, which has a cost of 57.

To verify the configuration:

On SW-2

SW-2#Sh spanning-tree vlan 500

VLAN0500
  Spanning tree enabled protocol ieee
  Root ID    Priority    25076
             Address     001b.2be5.0e00
             Cost        57          <-- Note the best cost is now 57.
             Port        23 (FastEthernet0/21)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    29172  (priority 28672 sys-id-ext 500)
             Address     001c.575f.fd00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Altn BLK 58        128.21   P2p
Fa0/20           Altn BLK 58        128.22   P2p
Fa0/21           Root FWD 19        128.23   P2p
Fa0/22           Altn BLK 19        128.24   P2p



Task 10

Configure SW-3 as the root bridge for VLAN 600; this switch should be configured such
that traffic for VLAN 600 uses the following ports:

F0/21 from SW-1
F0/20 from SW-4

On SW-3

SW-3(config)#int range f0/20-21






SW-3(config-if)#Spanning-tree vlan 600 port-priority

To verify the configuration:

On SW-4

SW-4#Sh spanning vlan 600

VLAN0600
  Spanning tree enabled protocol ieee
  Root ID    Priority    25176
             Address     000d.65ca.3180
             Cost        19
             Port        20 (FastEthernet0/20)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33368  (priority 32768 sys-id-ext 600)
             Address     000d.65c1.9200
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Altn BLK 19        128.19   P2p
Fa0/20           Root FWD 19        128.20   P2p
Fa0/21           Altn BLK 19        128.21   P2p
Fa0/22           Altn BLK 19        128.22   P2p

On SW-1

SW-1#Sh spanning-tree vlan 600

VLAN0600
  Spanning tree enabled protocol ieee
  Root ID    Priority    25176
             Address     000d.65ca.3180
             Cost        19
             Port        23 (FastEthernet0/21)
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    33368  (priority 32768 sys-id-ext 600)
             Address     001b.2be5.0e00
             Hello Time 2 sec  Max Age 20 sec  Forward Delay 15 sec






             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
Fa0/19           Altn BLK 19        128.21   P2p
Fa0/20           Altn BLK 19        128.22   P2p
Fa0/21           Root FWD 19        128.23   P2p
Fa0/22           Altn BLK 19        128.24   P2p

Task 11

Erase the config.text and vlan.dat and reload the switches before proceeding to the next
lab.






Lab 6 - QinQ Tunneling

[Topology diagram showing R1, SW1, SW4, SW2, SW3 and R2]



Task 1

Ensure that all interfaces for all 4 switches are in Shutdown mode

On All Switches

(config)#int range f0/1-24
(config-if-range)#shutdown

Task 2

Establish trunk links between the switches as follows:

1. SW1 and SW4 should use interface F0/23 to establish a trunk link.
2. SW4 and SW3 should use interface F0/19 to establish a trunk link
3. SW3 and SW2 should use interface F0/23 to establish a trunk link






To configure the first item:

On SW1

SW1(config)#int f0/23
SW1(config-if)#swi trunk encap isl
SW1(config-if)#swi mode trunk
SW1(config-if)#No shut

On SW4

SW4(config)#int f0/23
SW4(config-if)#swi trunk encap isl
SW4(config-if)#swi mode trunk
SW4(config-if)#No shut

To verify the configuration:

On SW1

SW1#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/23      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/23      1-4094

Port        Vlans allowed and active in management domain
Fa0/23      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/23      1

SW1#Show cdp neighbor

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW4              Fas 0/23          125        S I         WS-C3550-2  Fas 0/23

To configure the second item:














On SW3

SW3(config)#int f0/19
SW3(config-if)#Swi trunk encap isl
SW3(config-if)#Swi mode trunk
SW3(config-if)#no shut

On SW4

SW4(config)#int f0/19
SW4(config-if)#swi trunk encap isl
SW4(config-if)#Swi mode trunk
SW4(config-if)#no shut

To verify the configuration:

On SW4

SW4#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/23      on           isl            trunking      1
Fa0/19      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/23      1-4094
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/23      1
Fa0/19      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/23      1
Fa0/19      1

SW4#Show cdp neighbor

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW1              Fas 0/23          135        S I         WS-C3560-2  Fas 0/23
SW3              Fas 0/19          159        S I         WS-C3550-2  Fas 0/19







To configure the third item:

On SW3

SW3(config)#int f0/23
SW3(config-if)#swi trunk encap isl
SW3(config-if)#Swi mode trunk
SW3(config-if)#no shut

On SW2

SW2(config)#int f0/23
SW2(config-if)#swi trunk encap isl
SW2(config-if)#swi mode trunk
SW2(config-if)#no shut

To verify the configuration:

On SW3

SW3#sh int trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/23      on           isl            trunking      1
Fa0/19      on           isl            trunking      1

Port        Vlans allowed on trunk
Fa0/23      1-4094
Fa0/19      1-4094

Port        Vlans allowed and active in management domain
Fa0/23      1
Fa0/19      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/23      none
Fa0/19      1

SW3#Sh cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW4              Fas 0/19          143        S I         WS-C3550-2  Fas 0/19
SW2              Fas 0/23          165        S I         WS-C3560-2  Fas 0/23

On SW1

SW1(config)#VTP domain QinQ

The VTP domain name is configured so that the future VLANs can be
propagated across the trunk to the other switches. You should verify that this
configuration is propagated to the other switches before proceeding further.
You may need to "Shutdown" and then "No Shutdown" the trunk interface of
some of the switches to ensure that they all belong to the same VTP domain.



Task 3 



Configure R1's F0/0 and R2's F0/1 using the following IP addresses:

R1's F0/0 = 10.1.12.1 /24 and R2's F0/1 = 10.1.12.2 /24

Ensure that R1 and R2 have full reachability to each other; you should use CDP and
Ping to verify.

On R1

R1(config)#int f0/0
R1(config-if)#ip addr 10.1.12.1 255.255.255.0
R1(config-if)#no shut

On R2

R2(config)#int f0/1
R2(config-if)#ip addr 10.1.12.2 255.255.255.0
R2(config-if)#no shut

On SW1

SW1(config)#int f0/1
SW1(config-if)#no shut

On SW2

SW2(config)#int f0/2






SW2(config-if)#no shut

To verify the configuration:

On R1

R1#Sh cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW1              Fas 0/0           154        S I         WS-C3560-   Fas 0/1

R1#Ping 10.1.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms

On R2

R2#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW2              Fas 0/1           128        S I         WS-C3560-   Fas 0/2

R2#Ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Note both routers can successfully Ping each other and see the switch that they are
directly connected to.






Task 4 

Configure these devices such that the output of the "Show cdp neighbor" command on
R1 resembles the following:

R1#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
R2               Fas 0/0           111        R S I       2611XM      Fas 0/1

This task calls for Dot1q Tunneling. 802.1q tunneling enables service providers
to use a single VLAN to support customers who have a single or multiple VLANs
that need to connect across the provider's network while preserving their
VLAN-IDs. The provider can use this feature to keep traffic from different
customers segregated.

When configuring QinQ tunneling, a tunnel port must be defined, and this port
should be assigned to a VLAN. Different customers must be assigned to different
tunnel ports, and different tunnel ports should be configured in different
provider VLANs; this is how the traffic from different customers is segregated.

When a given tunnel port receives customer traffic, it adds a 2 Byte Ether-Type
field of 0x8100 followed by a 2 Byte field containing the CoS and the VLAN, and
this traffic is then put into the VLAN to which the tunnel port is assigned. The
Egress tunnel port strips off the 4 Bytes that were added by the ingress tunnel
port and transmits the traffic to the customer device.

When Dot1q tunneling is configured, layer 2 protocol tunneling can also be
configured. Layer 2 protocol tunneling allows layer 2 protocol data units (PDUs)
to be tunneled through the network. The layer 2 protocols that can be tunneled
are CDP, STP and VTP, and they need to be configured or else they will NOT get
propagated across the tunnel.

In this case, since CDP must be used, it should be configured using the
"L2protocol-tunnel CDP" interface configuration command.
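
The tag handling described above, as an added example that is not part of the workbook: a Python model of what a tunnel port does to a frame on ingress and egress, using the 4-byte layout the text gives (2-byte Ether-Type 0x8100, then a 2-byte field carrying CoS and VLAN). The function names, MAC addresses and payload are constructed for the example; VLAN 12 and provider VLAN 100 are the values this lab uses.

```python
"""802.1Q tunnel port model: push an outer tag on ingress, strip it on egress."""
import struct

TPID_DOT1Q = 0x8100  # Ether-Type value the text gives for the added tag


def build_tag(vlan, cos=0):
    """4-byte tag: 2-byte Ether-Type 0x8100 + 2-byte field with CoS and VLAN."""
    if not 1 <= vlan <= 4094 or not 0 <= cos <= 7:
        raise ValueError("vlan must be 1-4094 and cos 0-7")
    return struct.pack("!HH", TPID_DOT1Q, (cos << 13) | vlan)


def parse_tags(frame):
    """Return ([(cos, vlan), ...] outermost first, payload Ether-Type, payload)."""
    tags, offset = [], 12  # tags start right after the two 6-byte MAC addresses
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the Ether-Type")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_DOT1Q:
            return tags, ethertype, frame[offset + 2:]
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((tci >> 13, tci & 0x0FFF))
        offset += 4


def tunnel_ingress(frame, provider_vlan, cos=0):
    """Receive side of a tunnel port: insert the provider tag after the MACs.

    The customer's own tag is left untouched, which is how the customer
    VLAN-ID is preserved across the provider network.
    """
    return frame[:12] + build_tag(provider_vlan, cos) + frame[12:]


def tunnel_egress(frame, provider_vlan):
    """Transmit side of a tunnel port: strip the 4 bytes added at ingress.

    A frame whose outer tag is not this port's VLAN belongs to another
    customer and is refused, which models the segregation the text describes.
    """
    tags, _, _ = parse_tags(frame)
    if not tags or tags[0][1] != provider_vlan:
        raise ValueError("outer tag is not the tunnel port's VLAN")
    return frame[:12] + frame[16:]


# Constructed sample: a frame tagged with customer VLAN 12, as a router
# subinterface would send it (MAC addresses and payload are made up).
DST = bytes.fromhex("020000000002")
SRC = bytes.fromhex("020000000001")
customer = DST + SRC + build_tag(12) + struct.pack("!H", 0x0800) + b"payload"

in_core = tunnel_ingress(customer, provider_vlan=100)   # tunnel port in VLAN 100
delivered = tunnel_egress(in_core, provider_vlan=100)   # far-end tunnel port

if __name__ == "__main__":
    print("customer frame tags :", parse_tags(customer)[0])
    print("inside provider core:", parse_tags(in_core)[0])
    print("delivered unchanged :", delivered == customer)
```
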

On SW1

SW1(config-if)#int f0/1
SW1(config-if)#swi acc v 100
SW1(config-if)#swi mode dot1q-tunnel
SW1(config-if)#l2protocol-tunnel cdp

On SW2

SW2(config-if)#int f0/2






SW2(config-if)#swi acc v 100
SW2(config-if)#swi mode dot1q-tunnel
SW2(config-if)#l2protocol-tunnel cdp

To verify the configuration:

On R1

R1#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
R2               Fas 0/0           122        R S I       2611XM      Fas 0/1

Note sometimes you need to "Clear cdp table" on the routers to see the change.

To verify the tunnel:

On SW1

SW1#Sh dot1q-tunnel

dot1q-tunnel mode LAN Port(s)
-----------------------------
Fa0/1

SW1#Show l2protocol-tunnel summary

COS for Encapsulated Packets: 5
Drop Threshold for Encapsulated Packets:

Port    Protocol    Shutdown         Drop             Status
                    Threshold        Threshold
                    (cdp/stp/vtp)    (cdp/stp/vtp)
                    (pagp/lacp/udld) (pagp/lacp/udld)
------- ----------- ---------------- ---------------- ----------
Fa0/1   cdp --- --- ----/----/----   ----/----/----   up
        --- --- --- ----/----/----   ----/----/----

Note the status is UP and CDP is the ONLY layer 2 protocol tunnel in use.






Task 5 

Configure the F0/0 interface of R1 and the F0/1 interface of R2 with two
subinterfaces, using the following information:

The first subinterface should belong to VLAN 12; this VLAN on R1's F0/0 interface
should have an IP address of 10.1.12.1 /24 and on R2's F0/1 interface it should
have an IP address of 10.1.12.2 /24.

The second subinterface should belong to VLAN 34; this VLAN on R1's F0/0 interface
should have an IP address of 10.1.34.1 /24 and on R2's F0/1 interface it should
have an IP address of 10.1.34.2 /24.

Verify reachability using Ping.

In this task, on each router, two VLANs are created using two subinterfaces; one
subinterface is configured to be in VLAN 12 and the other subinterface is configured
to be in VLAN 34.

On R1

R1(config)#default interface f0/0

The above command sets the interface f0/0 back to its default configuration.

R1(config)#int f0/0.12
R1(config-subif)#encap dot1q 12
R1(config-subif)#ip addr 10.1.12.1 255.255.255.0

R1(config)#int f0/0.34
R1(config-subif)#encap dot1q 34
R1(config-subif)#ip addr 10.1.34.1 255.255.255.0

On R2

R2(config)#default interface f0/1

The above command sets the interface f0/1 back to its default configuration.

R2(config)#int f0/1.12
R2(config-subif)#encap dot1q 12
R2(config-subif)#ip addr 10.1.12.2 255.255.255.0

R2(config)#int f0/1.34
R2(config-subif)#encap dot1q 34
R2(config-subif)#ip addr 10.1.34.2 255.255.255.0






Because the interfaces of the routers are configured as trunk ports, while the
switch ports that they connect to are configured to be in VLAN 100 and are also
configured as tunnel ports, this is called an asymmetrical link.

To verify the configuration:

On R1

R1#Ping 10.1.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
.!!!!
Success rate is 100 percent (4/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 10.1.34.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.34.2, timeout is 2 seconds:
.!!!!
Success rate is 100 percent (4/5), round-trip min/avg/max = 1/2/4 ms



Task 6 

Delete the VLAN.dat and Config.text of SW1 and SW2 and reload these switches; while
the switches are reloading configure the following:

Set the f0/23 interface on SW3 and SW4 to default configuration and authenticate the
VTP domain using "QinQ" as the password.

Ensure that ONLY ports F0/23 and F0/1 on SW1 and F0/23 and F0/2 on SW2 are in
UP/UP state; the rest of the ports should be disabled.

On SW1 and SW2

#delete config.text
#delete vlan.dat
#reload

On SW1

Switch(config)#host SW1






On SW2

Switch(config)#host SW2

On SW3 and SW4

(config)#default interface f0/23
(config)#VTP password QinQ

On SW1

SW1(config)#interface range f0/2-22 , f0/24
SW1(config-if-range)#Shutdown

On SW2

SW2(config)#int range f0/1 , f0/3-22 , f0/24
SW2(config-if-range)#Shutdown



Task 7 

Configure these devices such that the output of the "Show cdp neighbor" command on
SW1 & SW2 resembles the following:

On SW1

SW1#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW2              Fas 0/23          172        S I         WS-C3560-2  Fas 0/23
R1               Fas 0/1           144        R S I       2611XM      Fas 0/0

On SW2

SW2#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW1              Fas 0/23          174        S I         WS-C3560-2  Fas 0/23
R2               Fas 0/2           161        R S I       2611XM      Fas 0/1

On SW3 and SW4

(config)#int f0/23
(config-if)#swi acc v 100
(config-if)#swi mode dot1q-tunnel
(config-if)#l2protocol-tunnel cdp

To verify the configuration:

On SW1

SW1#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW2              Fas 0/23          172        S I         WS-C3560-2  Fas 0/23
R1               Fas 0/1           144        R S I       2611XM      Fas 0/0

On SW2

SW2#Show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform    Port ID
SW1              Fas 0/23          174        S I         WS-C3560-2  Fas 0/23
R2               Fas 0/2           161        R S I       2611XM      Fas 0/1



Task 8

Configure a trunk link between SW1 and SW2 using interface F0/23. These two switches
should use Dot1Q encapsulation for this task.






On SW1 and SW2

(config)#int f0/23
(config-if)#swi trunk encap dot1q
(config-if)#swi mode trunk

To verify the configuration:

On SW2

SW2#Show interface trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/23      on           802.1q         trunking      1

Port        Vlans allowed on trunk
Fa0/23      1-4094

Port        Vlans allowed and active in management domain
Fa0/23      1

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/23      1



Task 9 

Configure SW1 and SW2 in VTP domain called "Customer". Configure VLANs 35 and
46 on SW1 and ensure that they are propagated to SW2. SW1 should be the root bridge
for 35 and SW2 should be the root bridge for 46.

To accomplish this task, VTP and STP protocols should be propagated between
SW1 and SW2; this is accomplished by configuring SW3 and SW4 to allow these
protocols on their tunnel port (F0/23) as follows:

On SW3 and SW4

(config)#inter f0/23
(config-if)#L2protocol-tunnel STP
(config-if)#L2protocol-tunnel VTP






On SW1

SW1(config)#VTP domain Customer

To verify the configuration:

On SW2

SW2#Sh vtp status

VTP Version                     : 2
Configuration Revision          :
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 5
VTP Operating Mode              : Server
VTP Domain Name                 : Customer
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x57 0xCD 0x40 0x65 0x63 0x59 0x47 0xBD
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00
Local updater ID is 0.0.0.0 (no valid interface found)

To create VLANs 35 and 46:

On SW1

SW1(config)#VLAN 35,46
SW1(config)#exit

To verify the configuration: 

On SW2 

SW2#Sh vlan br | exc unsup

VLAN Name        Status    Ports
1    default     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                           Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9
                           Fa0/10, Fa0/11, Fa0/12, Fa0/13
                           Fa0/14, Fa0/15, Fa0/16, Fa0/17
                           Fa0/18, Fa0/19, Fa0/20, Fa0/21
                           Fa0/22, Fa0/23, Fa0/24, Gi0/1
                           Gi0/2
35   VLAN0035    active
46   VLAN0046    active

To determine the root bridge for the newly created VLANs:

On SW1

SW1#Sh spanning-tree vlan 35

VLAN0035
  Spanning tree enabled protocol ieee
  Root ID    Priority    32803
             Address     001a.2f0a.2000
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32803 (priority 32768 sys-id-ext 35)
             Address     001a.2f0a.2000
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface    Role Sts Cost    Prio.Nbr Type
Fa0/7        Desg FWD 19      128.9    P2p

SW1#Sh spanning-tree vlan 46

VLAN0046
  Spanning tree enabled protocol ieee
  Root ID    Priority    32814
             Address     001a.2f0a.2000
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32814 (priority 32768 sys-id-ext 46)
             Address     001a.2f0a.2000
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface    Role Sts Cost    Prio.Nbr Type
Fa0/7        Desg FWD 19      128.9    P2p

Note in this case SW2 is the root bridge for both (35 and 46) VLANs.
The result may be different on your pod of routers and switches.

The last step is to configure SW1 as the root bridge for VLAN 35 and SW2 as the
root bridge for VLAN 46, as follows:

On SW1 

SW1(config)#Spanning-tree vlan 35 root primary

To verify the configuration:

On SW2

SW2#Sh spanning-tree vlan 35

VLAN0035
  Spanning tree enabled protocol ieee
  Root ID    Priority    24611
             Address     0023.050b.c780
             Cost        19
             Port        9 (FastEthernet0/7)
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    32803 (priority 32768 sys-id-ext 35)
             Address     001a.2f0a.2000
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface    Role Sts Cost    Prio.Nbr Type
Fa0/23       Desg FWD 19      128.9    P2p

On SW1

SW1#Sh spanning-tree vlan 35

VLAN0035
  Spanning tree enabled protocol ieee
  Root ID    Priority    24611
             Address     0023.050b.c780
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    24611 (priority 24576 sys-id-ext 35)
             Address     0023.050b.c780
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Note SW1 is the root bridge.

Interface    Role Sts Cost    Prio.Nbr Type
Fa0/7        Desg FWD 19      128.9    P2p

On SW2

SW2(config)#Spanning-tree vlan 46 root primary

To verify the configuration:

On SW2

SW2#Sh spanning vlan 46

VLAN0046
  Spanning tree enabled protocol ieee
  Root ID    Priority    24622
             Address     001a.2f0a.2000
             This bridge is the root
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

  Bridge ID  Priority    24622 (priority 24576 sys-id-ext 46)
             Address     001a.2f0a.2000
             Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Note this switch is the root bridge for VLAN 46.

Interface    Role Sts Cost    Prio.Nbr Type
Fa0/7        Desg FWD 19      128.9    P2p






Task 10 

Delete vlan.dat and config.text on all switches and reload them before proceeding to
the next lab.






Lab 7- Fallback Bridging 






Lab Setup: 



Use the chart below for address assignment:

IP Addressing:

Router   Interface      IPX Net address   IPv6 Address   VLAN   Mac-address
BB2      FastEthernet   ABCD              23::2 /64      20     0000.2222.2222
BB3      FastEthernet   ABCD              23::3 /64      30     0000.3333.3333

Task 1

Shutdown all the unused ports on SW1 and SW3; only ports that are connected to BB2 and
BB3 should be in UP/UP state.

On SW1

SW1(config)#int range f0/1 - 9 , f0/12 - 24
SW1(config-if-range)#Shut

On SW3

SW3(config)#int range f0/1 - 11 , f0/14 - 24






Task 2 

Configure the appropriate switch such that routers BB2 and BB3 can forward NON-IP
traffic between VLAN 20 and 30; Fallback Bridging should be configured to accomplish
this task. If this task is configured properly, you should be able to use "Ping" to test this
configuration using IPv6 or IPX addressing identified in the IP addressing chart.

Note since the task specifies that the test should be conducted using IPv6 and IPX,
3550 switches will be the only choice. Since the earlier IOS versions did NOT have
support for IPv6, these switches looked at IPv6 traffic as NON-IP, just like IPX.

To configure Fallback Bridging: 

On SW3 

The following command assigns a bridge group number (In this case number 1) and 
it also specifies the VLAN bridge spanning-tree protocol to run in this bridge group. 

SW3(config)#bridge 1 protocol vlan-bridge

The following configuration assigns the bridge group that was created with the
"Bridge 1 protocol vlan-bridge" global configuration command to interface VLAN
20 and 30.

SW3(config)#int vlan 20
SW3(config-if)#bridge-group 1
SW3(config-if)#int vlan 30
SW3(config-if)#bridge-group 1

To verify the configuration:

On SW3

If the output of your "Show bridge" command does NOT reveal the MAC address
of BB2 and BB3, you should generate some traffic (for example: pinging BB3 from
BB2 using IPv6 or IPX) so the bridge will see the MAC addresses.

SW3#Show bridge

Br Group   Mac Address      State     Type      Ports
1          0000.2222.2222   Forward   DYNAMIC   Vl20 Fa0/12
1          0000.3333.3333   Forward   DYNAMIC   Vl30 Fa0/13

To test the configuration:

On BB2

BB2#Ping 23::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/4 ms

BB2#Ping IPX ABCD.0000.3333.3333

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms




Task 3 

Configure the switch such that ONLY static entries are bridged; if this switch is
configured properly, the switch should NOT bridge dynamically learnt MAC addresses.

On SW3

In the previous task, the switch (SW3) learned the MAC addresses dynamically, and
it bridged the traffic between the VLANs. The following command prevents the
switch from forwarding frames to stations that it has learned dynamically.

SW3(config)#NO bridge 1 acquire

To verify the configuration: 

Note the output of the following "Show" command reveals that the dynamically
learned MAC addresses are discarded:

On SW3

SW3#Show bridge

Br Group   Mac Address      State     Type      Ports
1          0000.2222.2222   discard   DYNAMIC   Vl20 Fa0/12
1          0000.3333.3333   discard   DYNAMIC   Vl30 Fa0/13

To test the configuration:

On BB2

BB2#Ping IPX ABCD.0000.3333.3333

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
Success rate is 0 percent (0/5)

BB2#Ping 23::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
Success rate is 0 percent (0/5)

To complete the configuration:

The following two commands add the MAC addresses of BB2 and BB3
statically; since the traffic from dynamically learned MAC addresses is
discarded, the traffic with statically configured MAC addresses will be forwarded.

On SW3

SW3(config)#Bridge 1 address 0000.2222.2222 forward
SW3(config)#Bridge 1 address 0000.3333.3333 forward

To verify the configuration: 
On BB2 



SW3#Show bridge

Br Group   Mac Address      State     Type     Ports
1          0000.2222.2222   Forward   Static   -
1          0000.3333.3333   Forward   Static   -

To test the configuration:

BB2#Ping 23::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms

BB2#Ping IPX ABCD.0000.3333.3333

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms



Task 4 

Configure the appropriate switch such that routers BB2 and BB3 can forward NON-IP
traffic between VLAN 20 and 30; you should configure Fallback Bridging to accomplish
this task. If this task is configured properly, you should be able to use "Ping" to test this
configuration using IPX addressing identified in the addressing chart. IPv6 addressing
should NOT work when conducting tests using the Ping command.

Note because 3560 switches support IPv6, they do not consider IPv6 as NON-IP
traffic; therefore, they do not bridge IPv6 traffic.

On BB2

BB2(config)#default interface f0/1
BB2(config)#int f0/0
BB2(config-if)#mac-address 0000.2222.2222
BB2(config-if)#ipx Network ABCD
BB2(config-if)#ipv6 address 23::2/64
BB2(config-if)#no shut

On BB3

BB3(config)#default interface f0/1
BB3(config)#int f0/0
BB3(config-if)#mac-address 0000.3333.3333
BB3(config-if)#ipx Network ABCD
BB3(config-if)#ipv6 address 23::3/64
BB3(config-if)#no shut

On SW1

SW1(config)#int f0/11
SW1(config-if)#swi mode acc
SW1(config-if)#swi acc v 20

SW1(config-if)#int f0/12
SW1(config-if)#swi mode acc
SW1(config-if)#swi acc v 30

SW1(config)#int vlan 20
SW1(config-if)#bridge-group 1

SW1(config-if)#int vlan 30
SW1(config-if)#bridge-group 1

SW1(config)#Bridge 1 protocol vlan-bridge



To verify the configuration: 



On SW1

SW1#Show bridge

Br Group   Mac Address      State     Type      Ports
1          0000.2222.2222   Forward   DYNAMIC   Vl20
1          0000.3333.3333   Forward   DYNAMIC   Vl30

To test the configuration:

On SW1

BB2#Ping 23::3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 23::3, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Note the above Ping failed but the following Ping worked.

BB2#Ping ipx ABCD.0000.3333.3333

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.3333.3333, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms



Task 5 



Configure R1 based on the following chart:

Router   Interface      IPX Net address   IPv6 Address   VLAN      Mac-address
R1       FastEthernet   ABCD              23::1 /64      Default   0000.1111.1111

On R1

R1(config)#ipx routing
R1(config)#int f0/0
R1(config-if)#mac-address 0000.1111.1111
R1(config-if)#ipx Network ABCD
R1(config-if)#ipv6 address 23::1/64
R1(config-if)#no shut

On SW1

SW1(config)#interface f0/1
SW1(config-if)#no Shut

SW1(config)#int vlan 1
SW1(config-if)#bridge-group 1
SW1(config-if)#no shut

To test the configuration:

On R1

R1#ping ipx abcd.0000.2222.2222

Type escape sequence to abort.
Sending 5, 100-byte IPX Novell Echoes to ABCD.0000.2222.2222, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

To verify the configuration:

On SW1

SW1#Show bridge

Br Group   Mac Address      State     Type      Ports
1          0000.1111.1111   Forward   DYNAMIC   Vl1
1          0000.2222.2222   Forward   DYNAMIC   Vl20
1          0000.3333.3333   Forward   DYNAMIC   Vl30



Task 6

Erase the startup configuration on the routers and switches and reload them before
proceeding to the next task.






Lab 8 
Multiple Spanning Trees (802.1s) 



Task 1

The first Catalyst switch should be configured with a hostname of Cat-1 and the second
Catalyst should have a hostname of Cat-2.

On the first Switch

Switch(config)#Hostname Cat-1

On the Second Switch

Switch(config)#Hostname Cat-2

Task 2

Configure ports F0/21-24 on Cat-1 and Cat-2 in shutdown state.

On Both Switches

Cat-2(config)#int range F0/21-24
Cat-2(config-if-range)#Shut



Task 3 

Ports F0/19-20 on both switches should be in trunking mode; these ports should use an
industry standard protocol to establish the trunk.

On Both Switches:

(config)#int range f0/19-20
(config-if-range)#Switchport trunk encapsulation dot1q
Cat-1(config-if-range)#Switchport mode trunk

Task 4

Create VLANs 12, 34, 56, and 90 on Cat-1 and ensure that these VLANs are propagated
to Cat-2 via VTP messages.



On Cat-1

Cat-1(config)#vlan 12,34,56,90
Cat-1(config-vlan)#exit

To verify the configuration:

On Cat-1

Cat-1#Sh vlan br | exc unsup

VLAN Name        Status    Ports
1    default     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                           Fa0/5, Fa0/6, Fa0/9, Fa0/10
                           Fa0/11, Fa0/12, Fa0/13, Fa0/14
                           Fa0/15, Fa0/16, Fa0/17, Fa0/18
                           Fa0/19, Fa0/20, Fa0/23, Fa0/24
                           Gi0/1, Gi0/2
12   VLAN0012    active
34   VLAN0034    active
56   VLAN0056    active
90   VLAN0090    active

On Cat-2

Cat-2#Sh vlan br | exc unsup

VLAN Name        Status    Ports
1    default     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                           Fa0/5, Fa0/6, Fa0/9, Fa0/10
                           Fa0/11, Fa0/12, Fa0/13, Fa0/14
                           Fa0/15, Fa0/16, Fa0/17, Fa0/18
                           Fa0/19, Fa0/20, Fa0/23, Fa0/24
                           Gi0/1, Gi0/2

Note none of the switches are in VTP transparent mode, and yet the VLANs are not
getting propagated from Cat-1 to Cat-2. This is because the VTP domain name is
not configured; if the VTP domain name is not configured, the switches will NOT
propagate their VLAN information across the trunk links. For the purpose of this
lab a VTP domain name of "TST" is created so Cat-1 propagates the VLAN
information to Cat-2.

On Cat-1

Cat-1(config)#vtp domain TST

Note the above command configures a VTP domain name; if the other switch does
not have a domain name configured and a trunk has been established between the
two switches, Cat-1 will convey the domain name via VTP messages and the two
switches will synch up their VLAN information based on the highest VTP rev
number. In this task, since a name has not been specified, a domain name of "TST"
has been configured.



To verify the configuration: 



On Cat-2 

Cat-2#Sh vlan brief | exc unsup

VLAN Name        Status    Ports
1    default     active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                           Fa0/5, Fa0/6, Fa0/9, Fa0/10
                           Fa0/11, Fa0/12, Fa0/13, Fa0/14
                           Fa0/15, Fa0/16, Fa0/17, Fa0/18
                           Fa0/19, Fa0/20, Fa0/23, Fa0/24
                           Gi0/1, Gi0/2
12   VLAN0012    active
34   VLAN0034    active
56   VLAN0056    active
90   VLAN0090    active

Task 5

Configure all the ports except F0/19 and F0/20 in shutdown mode.

On Both Switches

Cat-x(config)#int range f0/1-18 , F0/21-24
Cat-x(config-if-range)#Shut






Task 6 

Configure Multi-instance of Spanning Tree on these two switches using the following
policy:

1. There should be two instances of STP, instance 1 and 2
2. The revision number should be 1
3. The MST region name should be "CCIE"
4. Instance 1 should handle VLANs 12 and 34
5. Instance 2 should handle VLAN 56
6. All future VLANs should use instance 0
7. Instance 1 should use F0/19
8. Instance 2 should use F0/20
9. Cat-1 should be the root bridge for the first instance
10. Cat-2 should be the root bridge for the second instance








On Both Switches 

The default mode for spanning-tree is PVST; the output of the following Show
command verifies this information:

#Show spanning-tree summary

Switch is in pvst mode              <-- The default mode of Spanning-tree
Root bridge for: none
Extended system ID is enabled
(The rest of the output is omitted)

On Both Switches

(config)#Spanning-tree mode mst

This command enables and changes the mode of the spanning-tree on the switch
to MST.

To verify the configuration:

On Both Switches:

#Sh spanning-tree sum

Switch is in mst mode (IEEE Standard)
(The rest of the output is omitted)

To configure MST on the switches:

On Both Switches:

(config)#Spanning-tree mst configuration

The above command enters the MST configuration mode.

(config-mst)#Revision 1

The above command sets the MST configuration revision number to 1. The range
for this number is 1-65535.

(config-mst)#Name CCIE

The above command configured the name of the region to be "CCIE".

(config-mst)#Instance 1 vlan 12,34
(config-mst)#Instance 2 vlan 56
(config-mst)#exit

MST supports 16 instances; once the spanning-tree mode is changed to MST and
the MST configuration mode is entered, instance 0 is created and all VLANs are
mapped to that instance. The above commands map the requested VLAN/s to the
specified instances, and by default all the future VLANs or VLAN/s that are not
statically mapped to a given instance will be assigned to instance 0; instance 0 is
the catch-all instance.

To verify this configuration:

On both Switches

#Show spanning-tree mst configuration

Name      [CCIE]
Revision  1     Instances configured 3

Instance  Vlans mapped
0         1-11,13-33,35-55,57-4094
1         12,34
2         56



To verify the configuration before configuring the next portion of the task:

On Cat-1

Cat-1#Show spanning-tree bridge

                                               Hello  Max  Fwd
MST Instance   Bridge ID                       Time   Age  Dly  Protocol
MST0           32768 (32768, 0) 0015.639d.5880   2     20   15   mstp
MST1           32769 (32768, 1) 0015.639d.5880   2     20   15   mstp
MST2           32770 (32768, 2) 0015.639d.5880   2     20   15   mstp

Note this command displays the BID for your switch (this is NOT the BID of the
root bridge), and instead of assigning a BID to each VLAN, there is a BID for
each instance; the priority is incremented based on the instance number. This is
the only time that we see a priority value of 32768 assigned to a VLAN or a group
of VLANs.

To see the root bridge for a given instance:

On Cat-1

Cat-1#Show spanning-tree root

                                       Root     Hello  Max  Fwd
MST Instance   Root ID                 Cost     Time   Age  Dly  Root Port
MST0           32768 0015.639d.5880    0        2      20   15
MST1           32769 0015.639d.5880    0        2      20   15
MST2           32770 0015.639d.5880    0        2      20   15

On Cat-2

Cat-2#Show spanning-tree root

                                       Root     Hello  Max  Fwd
MST Instance   Root ID                 Cost     Time   Age  Dly  Root Port
MST0           32768 0015.639d.5880    0        2      20   15   Fa0/19
MST1           32769 0015.639d.5880    200000   2      20   15   Fa0/19
MST2           32770 0015.639d.5880    200000   2      20   15   Fa0/19

The above command displays the BID of the root bridge for different instances.
The output may vary based on the switch's BID.

Enter the following command to see which switch has a BID value of
"0015.639d.5880":

Cat-1#Sh version | Inc Base ethernet

Base ethernet MAC Address : 0015:639D:5880

On Cat-1

Cat-1(config)#Spanning-tree mst 1 priority 0
Cat-1(config)#Spanning-tree mst 2 priority 4096

On Cat-2

Cat-2(config)#Spanning-tree mst 1 priority 4096
Cat-2(config)#Spanning-tree mst 2 priority 0

The above commands will change the switch priority such that Cat-1 will be
chosen as the root switch for instance 1 and Cat-2 will be chosen as the root
bridge for instance 2.
By default the "Spanning-tree extend system-id" is configured as part of your
startup configuration; because the extended system id is set, the priority must be
configured in increments of 4096. Remember the lower value has higher
preference.

To verify the configuration: 

On Cat-1 

Cat-1#Show spanning root

                                       Root     Hello  Max  Fwd
MST Instance   Root ID                 Cost     Time   Age  Dly  Root Port
MST0           32768 0015.639d.5880    0        2      20   15
MST1           1     0015.639d.5880    0        2      20   15
MST2           2     001c.f901.3d80    200000   2      20   15   Fa0/19

The local switch (Cat-1) is the root bridge for instance 0 and 1 (this may be
different based on your switch's BID). The column that specifies the Root ID
shows the priority for MST1 and MST2 as 1 and 2 respectively; the priority is the
sum of the instance number plus the priority. Remember that this switch's priority
is set to zero.

Note this switch is not the root for MST2. Another indication that it is not the
root for instance 2 is the root port; remember that the root bridge does not have
any ports set as root for the VLANs, or in this case instances, that it is the root
bridge for.

On Cat-2

Cat-2#Show spanning root

                                       Root     Hello  Max  Fwd
MST Instance   Root ID                 Cost     Time   Age  Dly  Root Port
MST0           32768 0015.639d.5880    0        2      20   15   Fa0/19
MST1           1     0015.639d.5880    200000   2      20   15   Fa0/19
MST2           2     001c.f901.3d80    0        2      20   15

Note Cat-2 is the root bridge for instance 2, whereas Cat-1 is the root for MST
instances 0 and 1.
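
The instance mapping and the priority rules used in this task (instance 0 as the catch-all, priorities in increments of 4096, Root ID priority = configured priority plus instance number) can be checked offline before touching the switches. The script below is an added example and is not part of the workbook; its function names are hypothetical, and the VLAN lists, priorities and bridge MAC addresses are the ones shown in this lab's output.

```python
"""MST planning check for the values used in this lab (added example)."""

VLAN_MIN, VLAN_MAX = 1, 4094  # VLAN range shown by "show spanning-tree mst configuration"

# Bridge MACs as they appear in the "show spanning root" output of this lab.
LAB_MACS = {"Cat-1": "0015.639d.5880", "Cat-2": "001c.f901.3d80"}
# Configured priority per instance; instance 0 is left at the default 32768.
LAB_PRIORITIES = {
    0: {"Cat-1": 32768, "Cat-2": 32768},
    1: {"Cat-1": 0, "Cat-2": 4096},
    2: {"Cat-1": 4096, "Cat-2": 0},
}


def parse_vlans(spec):
    """Expand an IOS-style list such as '12,34' or '1-11,13' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (VLAN_MIN <= lo <= hi <= VLAN_MAX):
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def compress(vlans):
    """Collapse a set of VLAN IDs into IOS-style ranges: {1, 2, 3, 5} -> '1-3,5'."""
    runs, run = [], []
    for v in sorted(vlans):
        if run and v == run[-1] + 1:
            run.append(v)
            continue
        if run:
            runs.append(run)
        run = [v]
    if run:
        runs.append(run)
    return ",".join(str(r[0]) if len(r) == 1 else f"{r[0]}-{r[-1]}" for r in runs)


def mst_mapping(instances):
    """Take {instance: 'vlan list'} for the non-zero instances and return the full
    table, including the instance 0 remainder. A VLAN listed under two instances
    is reported as a planning error."""
    owner, table = {}, {}
    for inst, spec in sorted(instances.items()):
        if inst == 0:
            raise ValueError("instance 0 is implicit; map only the other instances")
        vlans = parse_vlans(spec)
        for v in vlans:
            if v in owner:
                raise ValueError(f"VLAN {v} listed under instances {owner[v]} and {inst}")
            owner[v] = inst
        table[inst] = compress(vlans)
    remainder = set(range(VLAN_MIN, VLAN_MAX + 1)) - set(owner)
    return {0: compress(remainder), **table}


def root_id_priority(configured, instance):
    """Priority as displayed in the Root ID / Bridge ID column: configured + instance."""
    if configured % 4096 or not 0 <= configured <= 61440:
        raise ValueError(f"priority {configured} is not a multiple of 4096 in 0-61440")
    return configured + instance


def lab_bridges(instance):
    """{switch: (configured priority, MAC)} for one instance of this lab."""
    return {name: (LAB_PRIORITIES[instance][name], mac) for name, mac in LAB_MACS.items()}


def elect_root(instance, bridges):
    """Lowest (priority, MAC) wins; returns (switch name, displayed priority)."""
    def bid(item):
        _, (prio, mac) = item
        return (root_id_priority(prio, instance), int(mac.replace(".", ""), 16))
    name, (prio, _) = min(bridges.items(), key=bid)
    return name, root_id_priority(prio, instance)


if __name__ == "__main__":
    for inst, vlans in mst_mapping({1: "12,34", 2: "56"}).items():
        print(f"{inst:<9} {vlans}")
    for inst in sorted(LAB_PRIORITIES):
        print(f"MST{inst} root:", *elect_root(inst, lab_bridges(inst)))
```
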

To configure the last portion of this task, the existing state is displayed in the
output of the following show command:

On Cat-1

Cat-1#Show spanning int f0/19

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Desg FWD 200000   128.21   P2p
MST1           Desg FWD 200000   128.21   P2p
MST2           Root FWD 200000   128.21   P2p

Cat-1#Show spanning int f0/20

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Desg FWD 200000   128.22   P2p
MST1           Desg FWD 200000   128.22   P2p
MST2           Altn BLK 200000   128.22   P2p

On Cat-2

Cat-2#Show spanning int f0/19

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Root FWD 200000   128.21   P2p
MST1           Root FWD 200000   128.21   P2p
MST2           Desg FWD 200000   128.21   P2p

Cat-2#Show spanning int f0/20

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Altn BLK 200000   128.22   P2p
MST1           Altn BLK 200000   128.22   P2p
MST2           Desg FWD 200000   128.22   P2p

Note based on the output of the above Show commands, traffic for all MST
instances takes port F0/19 and none of the instances are using port F0/20.
To configure items 7 and 8, the port-priority command is used as follows:

On Both switches

(config)#Int F0/19
(config-if)#Spanning-tree mst 1 port-priority 0        <-- High priority
(config-if)#Spanning-tree mst 2 port-priority 128

(config)#Int F0/20
(config-if)#Spanning-tree mst 1 port-priority 128
(config-if)#Spanning-tree mst 2 port-priority 0

In this task port-priority is used when selecting an interface to put into the
forwarding state for a given instance; a lower value has a higher priority.
In this case port F0/19 will be used by all the VLANs that are assigned to
instances 0 & 1, because it has a higher priority (lower value), and instance 2
will use port F0/20 because it has been configured with a higher priority (lower
value).











To verify the configuration:

On Cat-1

Cat-1#Show spanning-tree int f0/19

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Desg FWD 200000   128.21   P2p
MST1           Desg FWD 200000   0.21     P2p
MST2           Altn BLK 200000   128.21   P2p

Cat-1#Sh spanning-tree int f0/20

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Desg FWD 200000   128.22   P2p
MST1           Desg FWD 200000   128.22   P2p
MST2           Root FWD 200000   0.22     P2p

On Cat-2

Cat-2#Show spanning-tree int f0/19

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Root FWD 200000   128.21   P2p
MST1           Root FWD 200000   0.21     P2p
MST2           Desg FWD 200000   128.21   P2p

Cat-2#Sh spanning-tree int f0/20

Mst Instance   Role Sts Cost     Prio.Nbr Type
MST0           Altn BLK 200000   128.22   P2p
MST1           Altn BLK 200000   128.22   P2p
MST2           Desg FWD 200000   0.22     P2p

Note instances 0 & 1 use port F0/19 whereas instance 2 uses port F0/20.



Task 6 

Erase the startup configuration and vlan.dat before proceeding to the next lab 










Lab 9 
Private VLANs 






Task 1

The first switch should be configured with a hostname of SW1 and the second switch
should be configured with a hostname of SW2.

On the First Switch

Switch(config)#Hostname SW1

On the Second Switch

Switch(config)#Hostname SW2

Task 2

Shutdown ports F0/21-24 on SW1 and SW2.

On Both Switches:

(config)#int range f0/21-24
(config-if-range)#shut






Task 3 

Configure trunking between SW1 and SW2 using ports F0/19 and F0/20. Use an industry
standard trunking protocol for this purpose. Assign a brief meaningful description to
these interfaces.

On Both Switches

SWx(config)#Interface range f0/19-20
SWx(config-if-range)#Switch trunk encap dot1q
SWx(config-if-range)#Switch mode trunk
SWx(config-if-range)#Description Trunk to SWx

Note you should replace the "x" on "SWx" in the description with the appropriate
switch number.

Recommendation

If the description is configured for each interface, the output of the "Show interface
status" can help understand the topology of the lab.

To verify the configuration:

On SW1

SW1#Show int trunk

Port      Mode    Encapsulation    Status      Native vlan
Fa0/19    on      802.1q           trunking    1
Fa0/20    on      802.1q           trunking    1

Port      Vlans allowed on trunk
Fa0/19    1-4094
Fa0/20    1-4094

Port      Vlans allowed and active in management domain
Fa0/19    1
Fa0/20    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1
Fa0/20    none

On SW2

SW2#Show int trunk

Port      Mode    Encapsulation    Status      Native vlan
Fa0/19    on      802.1q           trunking    1
Fa0/20    on      802.1q           trunking    1

Port      Vlans allowed on trunk
Fa0/19    1-4094
Fa0/20    1-4094

Port      Vlans allowed and active in management domain
Fa0/19    1
Fa0/20    1

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/19    1
Fa0/20    1






Task 4 

Assign IP addressing to the interface of the routers using the following chart and ensure
that these routers can ping each other. You should assign a brief meaningful interface
description on the switchports.

Router   Interface   IP address and Subnet mask
R1       F0/0        200.1.1.1 /24
R2       F0/0        200.1.1.2 /24
R3       F0/1        200.1.1.3 /24
R4       F0/0        200.1.1.4 /24
R5       F0/1        200.1.1.5 /24
R6       F0/1        200.1.1.6 /24
BB1      F0/1        200.1.1.7 /24
BB2      F0/0        200.1.1.8 /24
BB3      F0/0        200.1.1.9 /24










On R1

R1(config)#Int F0/0
R1(config-if)#Ip address 200.1.1.1 255.255.255.0
R1(config-if)#No shut

On R2

R2(config)#Int F0/0
R2(config-if)#Ip address 200.1.1.2 255.255.255.0
R2(config-if)#No shut

On R3

R3(config)#Int F0/1
R3(config-if)#Ip address 200.1.1.3 255.255.255.0
R3(config-if)#No shut

On R4

R4(config)#Int F0/0
R4(config-if)#Ip address 200.1.1.4 255.255.255.0
R4(config-if)#No shut

On R5

R5(config)#Int F0/1
R5(config-if)#Ip address 200.1.1.5 255.255.255.0
R5(config-if)#No shut

On R6

R6(config)#Int F0/1
R6(config-if)#Ip address 200.1.1.6 255.255.255.0
R6(config-if)#No shut

On BB1

BB1(config)#Int F0/1
BB1(config-if)#Ip address 200.1.1.7 255.255.255.0
BB1(config-if)#No shut

On BB2

BB2(config)#int F0/0
BB2(config-if)#ip address 200.1.1.8 255.255.255.0
BB2(config-if)#No shut

On BB3

BB3(config)#int F0/0
BB3(config-if)#ip address 200.1.1.9 255.255.255.0
BB3(config-if)#No shut

On SW1

SW1(config)#Int F0/1
SW1(config-if)#Description R1's F0/0

SW1(config)#Int F0/2
SW1(config-if)#Description R2's F0/0

SW1(config)#Int range F0/3 , F0/5-9 , F0/12-18 , F0/21-24
SW1(config-if-range)#Description --

SW1(config)#Int F0/4
SW1(config-if)#Description R4's F0/0

SW1(config)#Int F0/12
SW1(config-if)#Description BB2's F0/0

SW1(config)#Int F0/13
SW1(config-if)#Description BB3's F0/0

SW1(config)#Int range F0/19-20
SW1(config-if-range)#Description Trunk to SW2

On SW2

SW2(config)#Int range F0/1-2 , F0/4 , F0/10-18 , F0/21-24
SW2(config-if-range)#Description --

SW2(config)#Int F0/3
SW2(config-if)#Description R3's F0/1

SW2(config)#Int F0/5
SW2(config-if)#Description R5's F0/1

SW2(config)#Int F0/6
SW2(config-if)#Description R6's F0/1

SW2(config)#Int F0/11
SW2(config-if)#Description BB1's F0/1

SW2(config)#Int range F0/19-20
SW2(config-if-range)#Description Trunk to SW1

To test and verify the configuration:

On R1

R1#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms



Task 5

Configure the switches such that the ports that are not used are in administratively down
state. Use minimum number of commands for this task.

On SW1

SW1(config)#int range F0/3 , F0/5 , F0/10 , F0/14-18 , F0/21-24
SW1(config-if-range)#Shut

To verify the configuration:

On SW1

SW1#Sh int status

Port      Name            Status      Vlan    Duplex  Speed  Type
Fa0/1     R1's F0/0       connected   1       a-full  a-100  10/100BaseTX
Fa0/2     R2's F0/0       connected   1       a-full  a-100  10/100BaseTX
Fa0/3     --              disabled    1       auto    auto   10/100BaseTX
Fa0/4     R4's F0/0       connected   1       a-full  a-100  10/100BaseTX
Fa0/5     --              disabled    1       auto    auto   10/100BaseTX
Fa0/6     --              disabled    1       auto    auto   10/100BaseTX
Fa0/7     --              disabled    1       auto    auto   10/100BaseTX
Fa0/8     --              disabled    1       auto    auto   10/100BaseTX
Fa0/9     --              disabled    1       auto    auto   10/100BaseTX
Fa0/10    --              disabled    1       a-full  a-100  10/100BaseTX
Fa0/11    BB1's F0/0      connected   1       a-full  a-100  10/100BaseTX
Fa0/12    BB2's F0/0      disabled    1       auto    auto   10/100BaseTX
Fa0/13    BB3's F0/0      disabled    1       auto    auto   10/100BaseTX
Fa0/14    --              disabled    1       auto    auto   10/100BaseTX
Fa0/15    --              disabled    1       auto    auto   10/100BaseTX
Fa0/16    --              disabled    1       auto    auto   10/100BaseTX
Fa0/17    --              disabled    1       auto    auto   10/100BaseTX
Fa0/18    --              disabled    1       auto    auto   10/100BaseTX
Fa0/19    Trunk to SW2    connected   trunk   a-full  a-100  10/100BaseTX
Fa0/20    Trunk to SW2    connected   trunk   a-full  a-100  10/100BaseTX
Fa0/21    --              disabled    1       auto    auto   10/100BaseTX
Fa0/22    --              disabled    1       auto    auto   10/100BaseTX
Fa0/23    --              disabled    1       auto    auto   10/100BaseTX
Fa0/24    --              disabled    1       auto    auto   10/100BaseTX








On SW2

SW2(config)#int range F0/1-2 , F0/4 , F0/8-10 , F0/12-18 , F0/21-24
SW2(config-if-range)#Shut

To verify the configuration:

On SW2

SW2#Sh int status

Port      Name            Status      Vlan    Duplex  Speed  Type
Fa0/1     --              connected   1       a-full  a-100  10/100BaseTX
Fa0/2     --              connected   1       a-full  a-100  10/100BaseTX
Fa0/3     R3's F0/1       disabled    1       auto    auto   10/100BaseTX
Fa0/4     --              connected   1       a-full  a-100  10/100BaseTX
Fa0/5     R5's F0/1       disabled    1       auto    auto   10/100BaseTX
Fa0/6     R6's F0/1       disabled    1       auto    auto   10/100BaseTX
Fa0/7     --              disabled    1       auto    auto   10/100BaseTX
Fa0/8     --              disabled    1       auto    auto   10/100BaseTX
Fa0/9     --              disabled    1       auto    auto   10/100BaseTX
Fa0/10    --              connected   1       a-full  a-100  10/100BaseTX
Fa0/11    BB1's F0/1      connected   1       a-full  a-100  10/100BaseTX
Fa0/12    --              disabled    1       auto    auto   10/100BaseTX
Fa0/13    --              disabled    1       auto    auto   10/100BaseTX
Fa0/14    --              disabled    1       auto    auto   10/100BaseTX
Fa0/15    --              disabled    1       auto    auto   10/100BaseTX
Fa0/16    --              disabled    1       auto    auto   10/100BaseTX
Fa0/17    --              disabled    1       auto    auto   10/100BaseTX
Fa0/18    --              disabled    1       auto    auto   10/100BaseTX
Fa0/19    Trunk to SW2    connected   trunk   a-full  a-100  10/100BaseTX
Fa0/20    Trunk to SW2    connected   trunk   a-full  a-100  10/100BaseTX
Fa0/21    --              disabled    1       auto    auto   10/100BaseTX
Fa0/22    --              disabled    1       auto    auto   10/100BaseTX
Fa0/23    --              disabled    1       auto    auto   10/100BaseTX
Fa0/24    --              disabled    1       auto    auto   10/100BaseTX

Note the interface description can be extremely helpful, especially if the switches are
configured in transparent mode, and/or the task asks for the configuration of
allowed VLANs on the trunks.











Task 6

Configure Private VLANs based on the following policy:

Router   Interface   VLAN-Type    VLAN-ID
R1       F0/0        Primary      10
R2       F0/0        Community    20
R3       F0/1        Community    20
R4       F0/0        Community    30
R5       F0/1        Community    30
R6       F0/1        Isolated     40
BB1      F0/1        Isolated     40
BB2      F0/0        Isolated
                     Isolated





Private-VLANs are typically seen in service provider networks. This feature addresses
two major problems that the providers used to face:

1. Number of Clients: If every client was in a VLAN of their own, the provider
will be restricted to 4094 clients, which is the maximum number of VLANs
on a given switch.

2. Routing between VLANs & IP addressing: Routing between VLANs will be a
nightmare, and the number of wasted IP addresses that result from
Subnetting will be enormous.

Private-VLANs solve these two issues: with Private-VLANs, a VLAN is sub-divided into
sub-VLANs or sub-domains.

Private-VLANs consist of one primary and one or more secondary VLANs; the
secondary VLANs can be either Community VLANs or Isolated VLANs.

A Primary VLAN can have many Community VLANs, but it can ONLY have a
single Isolated VLAN.

Ports in a Private-VLAN:

There are three types of ports in a Private-VLAN, and they are as follows:

1. Promiscuous: A promiscuous port belongs to the primary VLAN; this port
can communicate with all ports that are members of the secondary VLAN/s
(Community and/or Isolated) that are associated with the primary VLAN
to which it belongs.

2. Isolated: An isolated port is a host port that belongs to an isolated secondary
VLAN. The host ports that are members of a given Isolated VLAN can NOT
communicate with each other. These ports can ONLY communicate with the
port configured as the promiscuous port.

3. Community: A community port is a host port that belongs to a community
secondary VLAN. Community ports can communicate with ports in the same
Community VLAN and with the port that is configured as the promiscuous port.
These ports can't communicate with ports in other Community VLANs.
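
The three port rules above can be checked against a policy before it is pushed to the switches. The following Python model is an added example, not part of the workbook; the names Port, can_forward, reachability and validate are illustrative, and BB2 and BB3 are assumed to sit in isolated VLAN 40 as the notes in this lab describe. It covers layer-2 forwarding inside the primary VLAN only, not routed traffic.

```python
"""Layer-2 reachability model for the Task 6 private-VLAN policy (added example)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Secondary VLAN types as configured in this lab (the primary VLAN is 10).
SECONDARY_TYPE: Dict[int, str] = {20: "community", 30: "community", 40: "isolated"}


@dataclass(frozen=True)
class Port:
    host: str                             # device attached to the switch port
    mode: str                             # "promiscuous" or "host"
    primary: int
    secondary: Optional[int] = None       # set on host ports only
    mapped: FrozenSet[int] = frozenset()  # set on promiscuous ports only


# Constructed from the Task 6 policy table. BB2 and BB3 are assumed to be in
# isolated VLAN 40, as the lab notes say they share that VLAN with R6 and BB1.
LAB_PORTS: List[Port] = [
    Port("R1", "promiscuous", 10, mapped=frozenset({20, 30, 40})),
    Port("R2", "host", 10, 20),
    Port("R3", "host", 10, 20),
    Port("R4", "host", 10, 30),
    Port("R5", "host", 10, 30),
    Port("R6", "host", 10, 40),
    Port("BB1", "host", 10, 40),
    Port("BB2", "host", 10, 40),
    Port("BB3", "host", 10, 40),
]


def validate(secondary_type: Dict[int, str], ports: List[Port]) -> List[str]:
    """Return findings that break the private-VLAN rules described in the text."""
    findings = []
    isolated = sorted(v for v, t in secondary_type.items() if t == "isolated")
    if len(isolated) > 1:
        findings.append(f"more than one isolated VLAN under the primary: {isolated}")
    for p in ports:
        if p.mode == "host" and p.secondary not in secondary_type:
            findings.append(f"{p.host}: secondary VLAN {p.secondary} is not defined")
        if p.mode == "promiscuous":
            missing = sorted(set(secondary_type) - p.mapped)
            if missing:
                findings.append(f"{p.host}: promiscuous port does not map {missing}")
    return findings


def can_forward(a: Port, b: Port, secondary_type: Dict[int, str]) -> bool:
    """True if frames may pass between ports a and b at layer 2."""
    if a.host == b.host or a.primary != b.primary:
        return False
    if a.mode == "promiscuous" and b.mode == "promiscuous":
        return True
    if a.mode == "promiscuous":
        return b.secondary in a.mapped
    if b.mode == "promiscuous":
        return a.secondary in b.mapped
    # Two host ports: only members of the same community VLAN may talk.
    # Isolated ports never reach each other, even inside the same VLAN.
    return a.secondary == b.secondary and secondary_type.get(a.secondary) == "community"


def reachability(ports: List[Port], secondary_type: Dict[int, str]) -> Dict[str, List[str]]:
    """Map each host to the sorted list of hosts it can exchange frames with."""
    return {
        p.host: sorted(q.host for q in ports if can_forward(p, q, secondary_type))
        for p in ports
    }


if __name__ == "__main__":
    for finding in validate(SECONDARY_TYPE, LAB_PORTS):
        print("FINDING:", finding)
    for host, peers in reachability(LAB_PORTS, SECONDARY_TYPE).items():
        print(f"{host:4s} -> {', '.join(peers) or '(nobody)'}")
```

The computed matrix can be compared with the ping tests in this task: any successful ping that the model does not predict means a port is in the wrong secondary VLAN or was left as an ordinary access port.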

On Both Switches:

In order to configure private-vlans, the switches must be configured in Transparent
mode as follows:

(config)#vtp mode transparent

The following commands configure the primary VLAN:

(config)#vlan 10
(config-vlan)#private-vlan primary
(config-vlan)#Exit

The following two VLANs are defined as the community secondary VLANs; there could
be many community VLANs:

(config)#vlan 20
(config-vlan)#private-vlan community

(config)#vlan 30
(config-vlan)#private-vlan community

There can ONLY be one isolated secondary VLAN:

(config)#vlan 40
(config-vlan)#private-vlan isolated

The following command associates the secondary VLANs to the primary:

(config)#vlan 10
(config-vlan)#private-vlan association add 20,30,40

To verify the configuration:

On Both Switches:

SWx#Show vlan private-vlan

Primary  Secondary  Type        Ports
10       20         community
10       30         community
10       40         isolated

The output of the above show command displays the secondary VLANs that are created
so far and the primary VLAN to which they are associated.

On SW1

The following command sets the F0/1 interface in promiscuous mode, assigns the port to
primary VLAN 10 and maps VLANs 20, 30 and 40 to this interface:

SW1(config)#Int F0/1
SW1(config-if)#Switchport mode private-vlan promiscuous
SW1(config-if)#Switchport private-vlan mapping 10 20,30,40

The ports that belong to a given secondary VLAN must be configured in host mode. The
following command sets the F0/2 interface in host mode, associates this port to VLAN 10
(the primary VLAN) and assigns this port to VLAN 20, which was configured as a
community secondary VLAN earlier:

SW1(config-if)#Int F0/2
SW1(config-if)#Switchport mode private-vlan host
SW1(config-if)#Switchport private-vlan host-association 10 20

The following command sets the F0/4 interface in host mode, associates this port to VLAN
10 (the primary VLAN) and assigns this port to VLAN 30, which was configured as a
community secondary VLAN earlier:

SW1(config-if)#Int F0/4
SW1(config-if)#Switchport mode private-vlan host
SW1(config-if)#switchport private-vlan host-association 10 30

The following command sets the F0/11 and F0/12 interfaces in host mode, associates these
ports to VLAN 10 (the primary VLAN) and assigns these ports to VLAN 40, which was
configured as an isolated secondary VLAN earlier:

SW1(config)#Int range F0/11-12
SW1(config-if)#Switchport mode private-vlan host
SW1(config-if)#Switchport private-vlan host-association 10 40

To verify the configuration:

On SW1

SW1#Sh vlan pri

Primary  Secondary  Type        Ports
10       20         community   Fa0/1, Fa0/2
10       30         community   Fa0/1, Fa0/4
10       40         isolated    Fa0/1, Fa0/11, Fa0/12

On SW2

SW2(config)#Int F0/3
SW2(config-if)#Switchport mode private-vlan host
SW2(config-if)#Switchport private-vlan host-association 10 20

SW2(config)#Int F0/5
SW2(config-if)#Switchport mode private-vlan host
SW2(config-if)#Switchport private-vlan host-association 10 30

SW2(config)#Int range F0/6 , F0/11
SW2(config-if)#Switchport mode private-vlan host
SW2(config-if)#switchport private-vlan host-association 10 40

To verify the configuration:

On SW2

SW2#Show vlan private-vlan

Primary  Secondary  Type        Ports
10       20         community   Fa0/2
10       30         community   Fa0/5
10       40         isolated    Fa0/6, Fa0/11

To test the configuration:

On R1

R1#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R1#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Note R1 is able to ping all routers because it is configured to be in promiscuous mode;
this interface can be thought of as the default gateway.

On R2

R2#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R2#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note R2 is able to ping R1, which is the port in the primary VLAN, and R3, which is in the
same community VLAN.

R2#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R2#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R2#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R2#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R2#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R2#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Note R2 was NOT able to ping the other routers because they are NOT in the primary or in
the same community secondary VLAN.

On R3

R3#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R3#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note R3 is able to ping R1, which is the port in the primary VLAN, and the router in its own
community secondary VLAN, which is R2.

R3#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R3#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R3#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R3#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R3#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R3#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Note R3 can NOT ping the other routers because they are in another secondary VLAN.

On R4

R4#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R4#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note R4 is able to ping R1, which is the port in the primary VLAN, and the router in its own
community secondary VLAN, which is R5.

R4#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R4#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R4#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R4#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R4#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R4#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Note R4 can NOT ping the other routers because they are in another secondary VLAN.



On R5

R5#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R5#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Note R5 is able to ping R1, which is the port in the primary VLAN, and the router in its own
community secondary VLAN (R2).

R5#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R5#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R5#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R5#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R5#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R5#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Note R5 can NOT ping the other routers because they are in another secondary VLAN.

On R6

R6#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note R6 is able to ping R1, which is the port in the primary VLAN, but it can NOT ping any
other router, even though BB1, BB2 and BB3 are in the same VLAN. Remember that
the VLAN is defined as isolated; the hosts in an isolated VLAN do NOT have reachability
to each other.

R6#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R6#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R6#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R6#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R6#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R6#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R6#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

On BB1

BB1#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note BB1 is able to ping R1, which is the port in the primary VLAN, but it can NOT ping any
other router, even though R6, BB2 and BB3 are in the same VLAN. Remember that
the VLAN is defined as an isolated secondary VLAN; the hosts in an isolated VLAN do
NOT have reachability to each other.

BB1#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB1#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB1#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB1#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB1#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB1#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB1#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
On BB2

BB2#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note BB2 is able to ping R1, which is the port in the primary VLAN, but it can NOT ping any
other router, even though R6, BB1 and BB3 are in the same VLAN. Remember that
the VLAN is defined as an isolated secondary VLAN; the hosts in an isolated VLAN do
NOT have reachability to each other.

BB2#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB2#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB2#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB2#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB2#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB2#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB2#Ping 200.1.1.9

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
On BB3

BB3#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Note BB3 is able to ping R1, which is the port in the primary VLAN, but it can NOT ping any
other router, even though R6, BB1 and BB2 are in the same VLAN. Remember that
the VLAN is defined as an isolated secondary VLAN; the hosts in an isolated VLAN do
NOT have reachability to each other.

BB3#Ping 200.1.1.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB3#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB3#Ping 200.1.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB3#Ping 200.1.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB3#Ping 200.1.1.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB3#Ping 200.1.1.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

BB3#Ping 200.1.1.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



Task 7

Reconfigure the IP addressing of the hosts that belong to the two community secondary
VLANs based on the following chart and provide InterVlan routing between them. The
hosts in the other secondary VLANs should still be able to reach the host in the primary
VLAN. You can use static routes and any IP addressing to accomplish this task.

Routers   IP address       VLAN-ID
R2        202.1.1.2 /24    20
R3        202.1.1.3 /24    20
R4        203.1.1.4 /24    30
R5        203.1.1.5 /24    30



On R2

R2(config)#int F0/0
R2(config-if)#ip addr 202.1.1.2 255.255.255.0
R2(config)#ip route 0.0.0.0 0.0.0.0 202.1.1.100

On R3

R3(config)#int F0/1
R3(config-if)#ip addr 202.1.1.3 255.255.255.0
R3(config)#ip route 0.0.0.0 0.0.0.0 202.1.1.100

On R4

R4(config)#int F0/0
R4(config-if)#ip addr 203.1.1.4 255.255.255.0
R4(config)#ip route 0.0.0.0 0.0.0.0 203.1.1.100

On R5

R5(config)#int F0/1
R5(config-if)#ip addr 203.1.1.5 255.255.255.0
R5(config)#ip route 0.0.0.0 0.0.0.0 203.1.1.100

On SW1

SW1(config)#Ip routing

Note two IP addresses are configured under interface VLAN 10, a primary and a
secondary; the primary IP address is used by VLAN 20 and the secondary is used by
the hosts in VLAN 30.

The "Private-vlan mapping" command maps the secondary VLANs to their layer 3
VLAN interface, in this case VLAN 10, which is the layer 3 interface of the primary
VLAN.

SW1(config)#int vlan 10
SW1(config-if)#ip addr 202.1.1.100 255.255.255.0
SW1(config-if)#ip addr 203.1.1.100 255.255.255.0 sec
SW1(config-if)#private-vlan mapping 20,30

With the "Private-vlan mapping" interface configuration command, secondary
VLANs can be added or removed using the "Private-vlan mapping add" or
"Private-vlan mapping remove" interface configuration command. After this command is
entered, you should get the following messages:

%PV-6-PV_MSG: Created a private vlan mapping, Primary 10, Secondary 20
%PV-6-PV_MSG: Created a private vlan mapping, Primary 10, Secondary 30

To verify the configuration:

On SW1

SW1#Show interfaces private-vlan mapping

Interface  Secondary VLAN  Type
vlan10     20              community
vlan10     30              community

To test the configuration: 



CCIE R&* by NarMk KueharLans Advanced CCIE R&S Work Book 2.0 Page 274 of 1068 

C 2009 Narbik Kucha riaiu. All rig h Unnerved 



On R2

R2#Ping 203.1.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 203.1.1.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#Ping 203.1.1.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 203.1.1.5, timeout is 2 seconds:

Success rate is 100 percent (4/5), round-trip min/avg/max = 1/1/4 ms

On BB1

BB1#Ping 200.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms



Task 8

Erase the startup config and reload the routers before proceeding to the next task.






Frame-relay 






Lab 1 - Hub-n-Spoke using Frame-relay map statements

[Topology diagram: R1 (hub) and R2, R3, R4 (spokes) attached to the Frame-relay cloud through their S0/0 interfaces, addressed 10.1.100.1/24 to 10.1.100.4/24]

IP addressing and DLCI information chart:

Routers                           IP address      Local DLCI   Connecting to:
R1's Frame-relay interface S0/0   10.1.100.1/24   102          R2
                                                  103          R3
                                                  104          R4
R2's Frame-relay interface S0/0   10.1.100.2/24   201          R1
R3's Frame-relay interface S0/0   10.1.100.3/24   301          R1
R4's Frame-relay interface S0/0   10.1.100.4/24   401          R1






Task 1

Configure a frame-relay hub and spoke using frame-relay map statements. Use the IP addressing in the above chart.

Disable inverse-arp such that the routers do not generate inverse-arp request packets, and ensure that only the assigned DLCIs are used and mapped. These mappings should be as follows:

> On R1: 102, 103 and 104 should be mapped to R2, R3 and R4 respectively.

> On R2, R3 and R4: DLCIs 201, 301 and 401 should be used on R2, R3 and R4 respectively for their mapping to R1 (the hub).

In the future the EIGRP routing protocol will be running on these routers; ensure that the routers can handle the multicast traffic generated by the EIGRP routing protocol. DO NOT configure any sub-interfaces to accomplish this task.






On R1

R1(config)#Int S0/0

R1(config-if)#Ip address 10.1.100.1 255.255.255.0

R1(config-if)#Encapsulation frame

R1(config-if)#Frame-relay map ip 10.1.100.2 102 broadcast

R1(config-if)#Frame-relay map ip 10.1.100.3 103 broadcast

R1(config-if)#Frame-relay map ip 10.1.100.4 104 broadcast

R1(config-if)#NO frame-relay inverse-arp

R1(config-if)#NO shut

To verify the configuration:

On R1

R1#Show frame map

Serial0/0 (up): ip 10.1.100.2 dlci 102(0x66,0x1860), static,
broadcast,
CISCO, status defined, inactive

Serial0/0 (up): ip 10.1.100.3 dlci 103(0x67,0x1870), static,
broadcast,
CISCO, status defined, inactive

Serial0/0 (up): ip 10.1.100.4 dlci 104(0x68,0x1880), static,
broadcast,
CISCO, status defined, inactive

Note you may see DLCIs 105 and 106 mapped to the 0.0.0.0 IP address. These dynamic mappings may not affect unicast traffic, but they will definitely affect multicast and/or broadcast traffic; therefore, they should be removed from the mapping table. The "clear frame-relay inarp" command will NOT have any effect on these entries, whereas saving the configuration and then reloading the routers will definitely clear the 0.0.0.0 mappings. Another way to clear the "0.0.0.0" mapping is to remove the encapsulation and configure it again, but once the encapsulation is removed, the frame-relay maps are also removed; therefore, the frame-relay maps must be re-entered.

On R1

R1#Wr

R1#Reload
R1#Show frame map






Serial0/0 (up): ip 10.1.100.2 dlci 102(0x66,0x1860), static,
broadcast,
CISCO, status defined, inactive

Serial0/0 (up): ip 10.1.100.3 dlci 103(0x67,0x1870), static,
broadcast,
CISCO, status defined, inactive

Serial0/0 (up): ip 10.1.100.4 dlci 104(0x68,0x1880), static,
broadcast,
CISCO, status defined, inactive

Note the inactive status means that the problem is on the other side of the VC. In this case the other ends of these VCs are not configured yet, and once they are configured, the status should transition to the active state.

The following explains the output of the "Show frame-relay map" command. In this case the first mapping is analyzed:

Serial0/0 (up): ip 10.1.100.2 dlci 102(0x66,0x1860), static,
broadcast,
CISCO, status defined, inactive

Serial0/0 (up): ip 10.1.100.2:

This is the interface through which IP 10.1.100.2 is found.

Dlci 102(0x66,0x1860), static:

Dlci 102 is the local DLCI that is mapped to 10.1.100.2. In the parentheses you find 2 hexadecimal values, in this case 0x66 and 0x1860.

If the hexadecimal 0x66 is converted to decimal, the result is 102, which is the local DLCI number.

The second hexadecimal value, 0x1860, indicates how the DLCI is split into two sections within the Frame-relay header. Remember that the first 6 bits (the most significant 6 bits) are in the first byte, and the last 4 bits of the DLCI are found at the beginning of the second byte of the Frame-relay frame, as follows:

Convert 0x1860 to binary:

   1      8      6      0
 0001   1000   0110   0000

Take the most significant 6 bits of the first byte, in this case: 0001 10






Take the most significant 4 bits of the second byte, in this case: 0110

Note the most significant 6 bits of the first byte and the most significant 4 bits of the second byte are concatenated into a 10 bit value, as follows:

0001100110

If the above binary number is converted to decimal, you should see 102.
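The split described above, written out as an added Python example (it is not part of the workbook): it encodes a DLCI into the 16-bit value printed in the map output, decodes it back, and checks the map entries quoted in this lab. The names for the remaining header bits (C/R, FECN, BECN, DE, EA) come from the standard two-byte Frame-relay address format, which this page does not discuss, and the function names are the example's own.

```python
import re

def dlci_to_field(dlci):
    """Return the 16-bit value printed after the DLCI in the map output."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a two-byte Frame-relay address carries a 10-bit DLCI")
    high6 = dlci >> 4      # most significant 6 bits -> bits 7..2 of the first byte
    low4 = dlci & 0x0F     # remaining 4 bits -> bits 7..4 of the second byte
    return (high6 << 10) | (low4 << 4)

def parse_address(field):
    """Split a 16-bit address field into the DLCI and the other header bits."""
    first, second = (field >> 8) & 0xFF, field & 0xFF
    return {
        "dlci": ((first >> 2) << 4) | (second >> 4),
        "cr": (first >> 1) & 1,
        "fecn": (second >> 3) & 1,
        "becn": (second >> 2) & 1,
        "de": (second >> 1) & 1,
        # The map output prints the field with both EA bits clear; on the wire
        # the last byte has EA = 1, as in "FR encap = 0x00010308" (DLCI 0).
        "ea": (first & 1, second & 1),
    }

MAP_ENTRY = re.compile(r"dlci\s+(\d+)\s*\(0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+)\)")

def check_map_line(line):
    """True when the decimal DLCI and both hex values of a map entry agree."""
    m = MAP_ENTRY.search(line)
    if m is None:
        raise ValueError("no 'dlci N(0x..,0x....)' entry in: " + line)
    dlci = int(m.group(1))
    as_hex = int(m.group(2), 16)
    field = int(m.group(3), 16)
    return (dlci == as_hex
            and field == dlci_to_field(dlci)
            and parse_address(field)["dlci"] == dlci)

# Map entries as they appear in this lab's "Show frame map" output.
PAGE_LINES = [
    "Serial0/0 (up): ip 10.1.100.2 dlci 102(0x66,0x1860), static,",
    "Serial0/0 (up): ip 10.1.100.3 dlci 103(0x67,0x1870), static,",
    "Serial0/0 (up): ip 10.1.100.4 dlci 104(0x68,0x1880), static,",
    "Serial0/0 (up): ip 10.1.100.1 dlci 201(0xC9,0x3090), static,",
    "Serial0/0 (up): ip 10.1.100.1 dlci 301(0x12D,0x48D0), static,",
    "Serial0/0 (up): ip 10.1.100.1 dlci 401(0x191,0x6410), static,",
]

def check_all(lines=PAGE_LINES):
    """Check every quoted map entry; returns one boolean per line."""
    return [check_map_line(line) for line in lines]

if __name__ == "__main__":
    for line, ok in zip(PAGE_LINES, check_all()):
        print("consistent" if ok else "MISMATCH", "-", line)
    print("DLCI 102 ->", hex(dlci_to_field(102)), format(dlci_to_field(102), "016b"))
    print("0x0001   ->", parse_address(0x0001))
```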

On R2

R2(config)#Int S0/0

R2(config-if)#Ip address 10.1.100.2 255.255.255.0
R2(config-if)#Encapsulation frame

R2(config-if)#Frame-relay map ip 10.1.100.1 201 broadcast
R2(config-if)#NO frame-relay inverse-arp
R2(config-if)#NO shut

To verify the configuration:

On R2

R2#Ping 10.1.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R2#Show frame map

Serial0/0 (up): ip 10.1.100.1 dlci 201(0xC9,0x3090), static,
broadcast,
CISCO, status defined, active

On R3

R3(config)#Int S0/0

R3(config-if)#Ip address 10.1.100.3 255.255.255.0

R3(config-if)#Encapsulation frame

R3(config-if)#Frame-relay map ip 10.1.100.1 301 broadcast

R3(config-if)#NO frame-relay inverse-arp

R3(config-if)#NO shut






To verify the configuration:

On R3

R3#Ping 10.1.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R3#Show frame map

Serial0/0 (up): ip 10.1.100.1 dlci 301(0x12D,0x48D0), static,
broadcast,
CISCO, status defined, active

On R4

R4(config)#Int S0/0

R4(config-if)#Ip address 10.1.100.4 255.255.255.0

R4(config-if)#Encapsulation frame

R4(config-if)#Frame-relay map ip 10.1.100.1 401 broadcast
R4(config-if)#NO frame-relay inverse-arp

R4(config-if)#NO shut

To verify the configuration:

On R4

R4#Show frame map

Serial0/0 (up): ip 10.1.100.1 dlci 401(0x191,0x6410), static,
broadcast,
CISCO, status defined, active

R4#Ping 10.1.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms






Task 2

Ensure that every router can ping every IP address connected to the cloud. When configuring this task, ensure that the hub router does NOT receive redundant routing traffic.

On R1

To test the existing configuration:

R1#Ping 10.1.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:

Success rate is 0 percent (0/5)

Note in a multipoint frame-relay configuration, two conditions must be met before an IP address is reachable:

A. The destination IP address must be in the routing table with a valid next hop.

B. There must be a frame-relay mapping for that destination.

In this case the destination IP address is in the routing table, but the frame-relay mapping is missing. Configure the frame-relay mapping as follows:

On R1

R1(config)#Interface S0/0
R1(config-if)#Frame-relay map ip 10.1.100.1 102

Note there is no need to add the "broadcast" keyword for this configuration.

To verify the configuration:

On R1

R1#Show frame map

Serial0/0 (up): ip 10.1.100.1 dlci 102(0x66,0x1860), static,
CISCO, status defined, active






Serial0/0 (up): ip 10.1.100.2 dlci 102(0x66,0x1860), static,
broadcast,
CISCO, status defined, active

Serial0/0 (up): ip 10.1.100.3 dlci 103(0x67,0x1870), static,
broadcast,
CISCO, status defined, active

Serial0/0 (up): ip 10.1.100.4 dlci 104(0x68,0x1880), static,
broadcast,
CISCO, status defined, active

R1#Ping 10.1.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/124 ms

On R2

R2(config)#Interface S0/0

R2(config-if)#Frame-relay map ip 10.1.100.3 201
R2(config-if)#Frame-relay map ip 10.1.100.4 201
R2(config-if)#Frame-relay map ip 10.1.100.2 201

To verify the configuration:

On R2

R2#Ping 10.1.100.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms

On R3

R3(config)#Interface S0/0

R3(config-if)#Frame-relay map ip 10.1.100.2 301
R3(config-if)#Frame-relay map ip 10.1.100.4 301
R3(config-if)#Frame-relay map ip 10.1.100.3 301






To verify the configuration:

On R3

R3#Ping 10.1.100.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms

On R4

R4(config)#Interface S0/0

R4(config-if)#Frame-relay map ip 10.1.100.2 401

R4(config-if)#Frame-relay map ip 10.1.100.3 401

R4(config-if)#Frame-relay map ip 10.1.100.4 401

Note when configuring the frame-relay mapping from one spoke to another spoke, the "broadcast" keyword should not be used. If this keyword is used, the hub router will receive redundant routing traffic. This can be verified by running RIPv2 and performing a "debug ip rip" command on the hub router.

To verify the configuration:

On R4

R4#Ping 10.1.100.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/116 ms

R4#Ping 10.1.100.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/116 ms

R4#Ping 10.1.100.4
















Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/120 ms

On R3

R3#Ping 10.1.100.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.100.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/116 ms
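An added Python model of this lab's map statements (not part of the workbook) that applies condition B hop by hop and counts how many PVCs an echo and its reply cross. It assumes condition A always holds (every address is in the connected /24) and that a packet addressed to the router's own multipoint address is sent out on the mapped DLCI and returned by the far end; the function names are the example's own.

```python
# Addresses, DLCIs and map statements are the ones configured in this lab.
ADDR = {"R1": "10.1.100.1", "R2": "10.1.100.2",
        "R3": "10.1.100.3", "R4": "10.1.100.4"}

# Frame-relay cloud: (router, local DLCI) -> router at the other end of the PVC.
PVC = {("R1", 102): "R2", ("R1", 103): "R3", ("R1", 104): "R4",
       ("R2", 201): "R1", ("R3", 301): "R1", ("R4", 401): "R1"}

# "frame-relay map ip <address> <dlci>" statements after Task 1.
TASK1_MAPS = {
    "R1": {"10.1.100.2": 102, "10.1.100.3": 103, "10.1.100.4": 104},
    "R2": {"10.1.100.1": 201},
    "R3": {"10.1.100.1": 301},
    "R4": {"10.1.100.1": 401},
}

def task2_maps():
    """Task 1 maps plus the statements added in Task 2."""
    maps = {router: dict(entries) for router, entries in TASK1_MAPS.items()}
    maps["R1"]["10.1.100.1"] = 102            # the hub's own address
    for spoke, dlci in (("R2", 201), ("R3", 301), ("R4", 401)):
        for ip in ADDR.values():              # other spokes and itself, via the hub
            maps[spoke][ip] = dlci
    return maps

def pvc_hops(maps, src, dst_ip, limit=8):
    """PVCs crossed from src to dst_ip, or None if a mapping is missing."""
    router = src
    for hops in range(limit):
        if hops and ADDR[router] == dst_ip:
            return hops                       # arrived at the owner of dst_ip
        dlci = maps[router].get(dst_ip)
        if dlci is None:
            return None                       # condition B fails on this router
        router = PVC[(router, dlci)]
    return None                               # mapping loop, never delivered

def ping(maps, src, dst_ip):
    """PVCs crossed by echo plus reply, or None when the ping fails."""
    out = pvc_hops(maps, src, dst_ip)
    if out is None:
        return None
    responder = next(r for r, ip in ADDR.items() if ip == dst_ip)
    back = pvc_hops(maps, responder, ADDR[src])
    return None if back is None else out + back

if __name__ == "__main__":
    for name, maps in (("Task 1", TASK1_MAPS), ("Task 2", task2_maps())):
        for src in ADDR:
            for dst in ADDR.values():
                print(name, src, "->", dst, ":", ping(maps, src, dst))
```

Two crossings correspond to the roughly 56 ms spoke-to-hub pings above, and four crossings to the roughly 112 ms pings between spokes and to a router's own address.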






Task 3

Configure the routers such that the LMI status inquiries are sent every 5 seconds and Full Status LMI requests are sent every 3 cycles instead of 6.

By default frame-relay routers generate LMI status inquiries every 10 seconds, and a full status inquiry every 6th cycle (every 60 seconds). The interval for status inquiries can be changed using the "Keepalive" command, whereas the "Frame-relay lmi-n391dte" command can be used to change the interval for the complete status inquiries.

NOTE the output of the following debug command reveals the status inquiries and full status inquiries:

On R1

R1#Debug frame lmi

*Nov 24 19:59:57.407: Serial0/0(out): StEnq, myseq 125, yourseen 124, DTE up
*Nov 24 19:59:57.407: datagramstart = 0x3F401ED4, datagramsize = 14
*Nov 24 19:59:57.407: FR encap = 0x00010308
*Nov 24 19:59:57.407: 00 75 95 01 01 01 03 02 7D 7C
*Nov 24 19:59:57.411: Serial0/0(in): Status, myseq 125, pak size 14
*Nov 24 19:59:57.411: RT IE 1, length 1, type 1
*Nov 24 19:59:57.411: KA IE 3, length 2, yourseq 125, myseq 125
*Nov 24 20:00:07.407: Serial0/0(out): StEnq, myseq 126, yourseen 125, DTE up
*Nov 24 20:00:07.407: datagramstart = 0x3F6B0294, datagramsize = 14
*Nov 24 20:00:07.407: FR encap = 0x00010308
*Nov 24 20:00:07.407: 00 75 95 01 01 01 03 02 7E 7D
*Nov 24 20:00:07.411: Serial0/0(in): Status, myseq 126, pak size 14
*Nov 24 20:00:07.411: RT IE 1, length 1, type 1
*Nov 24 20:00:07.411: KA IE 3, length 2, yourseq 126, myseq 126
*Nov 24 20:00:17.407: Serial0/0(out): StEnq, myseq 127, yourseen 126, DTE up
*Nov 24 20:00:17.407: datagramstart = 0x3F400C14, datagramsize = 14
*Nov 24 20:00:17.407: FR encap = 0x00010308
*Nov 24 20:00:17.407: 00 75 95 01 01 01 03 02 7F 7E
*Nov 24 20:00:17.407:
*Nov 24 20:00:17.411: Serial0/0(in): Status, myseq 127, pak size 14
*Nov 24 20:00:17.411: RT IE 1, length 1, type 1
*Nov 24 20:00:17.411: KA IE 3, length 2, yourseq 127, myseq 127
*Nov 24 20:00:27.407: Serial0/0(out): StEnq, myseq 128, yourseen 127, DTE up
*Nov 24 20:00:27.407: datagramstart = 0x3F6AF394, datagramsize = 14
*Nov 24 20:00:27.407: FR encap = 0x00010308
*Nov 24 20:00:27.407: 00 75 95 01 01 01 03 02 80 7F
*Nov 24 20:00:27.407:
*Nov 24 20:00:27.411: Serial0/0(in): Status, myseq 128, pak size 14
*Nov 24 20:00:27.411: RT IE 1, length 1, type 1
*Nov 24 20:00:27.411: KA IE 3, length 2, yourseq 128, myseq 128
*Nov 24 20:00:37.407: Serial0/0(out): StEnq, myseq 129, yourseen 128, DTE up
*Nov 24 20:00:37.407: datagramstart = 0x3F644ED4, datagramsize = 14
*Nov 24 20:00:37.407: FR encap = 0x00010308
*Nov 24 20:00:37.407: 00 75 95 01 01 01 03 02 81 80
*Nov 24 20:00:37.407:
*Nov 24 20:00:37.411: Serial0/0(in): Status, myseq 129, pak size 14
*Nov 24 20:00:37.411: RT IE 1, length 1, type 1
*Nov 24 20:00:37.411: KA IE 3, length 2, yourseq 129, myseq 129
*Nov 24 20:00:47.407: Serial0/0(out): StEnq, myseq 130, yourseen 129, DTE up
*Nov 24 20:00:47.407: datagramstart = 0x3F6B03D4, datagramsize = 14
*Nov 24 20:00:47.407: FR encap = 0x00010308
*Nov 24 20:00:47.407: 00 75 95 01 01 00 03 02 82 81
*Nov 24 20:00:47.419: Serial0/0(in): Status, myseq 130, pak size 59
*Nov 24 20:00:47.419: RT IE 1, length 1, type 0
*Nov 24 20:00:47.419: KA IE 3, length 2, yourseq 130, myseq 130
*Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 102, status 0x2
*Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 103, status 0x2
*Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2
*Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 105, status 0x0
*Nov 24 20:00:47.419: PVC IE 0x7 , length 0x3 , dlci 106, status 0x0

Note the status inquiries are sent every 10 seconds; these messages are "type 1" messages, whereas the complete status inquiries are generated by the local router every 6th cycle. These messages are "type 0" messages, and when the frame-relay switch receives these messages it responds with all the DLCIs that are configured for that given router.

To change these timers:

On all routers

(config)#Interface S0/0
(config-if)#Keepalive 5
(config-if)#Frame-relay lmi-n391dte 3

To test the configuration:

Rx#Debug frame LMI

*Nov 24 20:13:52.411: Serial0/0(out): StEnq, myseq 221, yourseen 220, DTE up
*Nov 24 20:13:52.411: datagramstart = 0x3F6AEFD4, datagramsize = 14
*Nov 24 20:13:52.411: FR encap = 0x00010308
*Nov 24 20:13:52.411: 00 75 95 01 01 01 03 02 DD DC
*Nov 24 20:13:52.415: Serial0/0(in): Status, myseq 221, pak size 14
*Nov 24 20:13:52.415: RT IE 1, length 1, type 1
*Nov 24 20:13:52.415: KA IE 3, length 2, yourseq 221, myseq 221
*Nov 24 20:13:57.411: Serial0/0(out): StEnq, myseq 222, yourseen 221, DTE up
*Nov 24 20:13:57.411: datagramstart = 0x3F400D54, datagramsize = 14
*Nov 24 20:13:57.411: FR encap = 0x00010308
*Nov 24 20:13:57.411: 00 75 95 01 01 01 03 02 DE DD
*Nov 24 20:13:57.415: Serial0/0(in): Status, myseq 222, pak size 14
*Nov 24 20:13:57.415: RT IE 1, length 1, type 1
*Nov 24 20:13:57.415: KA IE 3, length 2, yourseq 222, myseq 222
*Nov 24 20:14:02.411: Serial0/0(out): StEnq, myseq 223, yourseen 222, DTE up
*Nov 24 20:14:02.411: datagramstart = 0x3F6AF394, datagramsize = 14
*Nov 24 20:14:02.411: FR encap = 0x00010308
*Nov 24 20:14:02.411: 00 75 95 01 01 00 03 02 DF DE
*Nov 24 20:14:02.423: Serial0/0(in): Status, myseq 223, pak size 59
*Nov 24 20:14:02.423: RT IE 1, length 1, type 0
*Nov 24 20:14:02.423: KA IE 3, length 2, yourseq 223, myseq 223
*Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 102, status 0x2
*Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 103, status 0x2
*Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 104, status 0x2
*Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 105, status 0x0
*Nov 24 20:14:02.423: PVC IE 0x7 , length 0x3 , dlci 106, status 0x0

Note initially the router and the frame-relay switch exchange two "type 1" inquiries, and the third message that the local router generates is a "type 0" message, which tells the switch to respond with all the DLCIs.
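An added Python example (not part of the workbook) that decodes the ten-byte status enquiry dumps from the debug output and measures both timers from a series of them. The byte meanings (0x75 status enquiry, 0x7D status, 0x95 locking shift) are those of ANSI Annex D LMI, which matches the encapsulation and IE numbers in the debug but is not stated on this page; the last three entries of the second series are constructed to continue the capture.

```python
from datetime import datetime

MESSAGE_TYPES = {0x75: "status enquiry", 0x7D: "status"}
LOCKING_SHIFT = 0x95
IE_REPORT_TYPE = 0x01    # "RT IE 1" in the debug output
IE_KEEPALIVE = 0x03      # "KA IE 3" in the debug output

def parse_lmi(hex_dump):
    """Decode the bytes the debug prints after 'FR encap = 0x00010308'."""
    data = bytes.fromhex(hex_dump)
    if len(data) < 3 or data[2] != LOCKING_SHIFT:
        raise ValueError("not an LMI message in the format shown in the debug")
    msg = {"message": MESSAGE_TYPES.get(data[1], hex(data[1]))}
    i = 3
    while i < len(data):                      # walk the information elements
        if i + 2 > len(data):
            raise ValueError("truncated IE header")
        ie_id, length = data[i], data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("truncated IE body")
        if ie_id == IE_REPORT_TYPE and length == 1:
            msg["report_type"] = body[0]      # 1 = keepalive only, 0 = full status
        elif ie_id == IE_KEEPALIVE and length == 2:
            msg["myseq"], msg["yourseen"] = body
        i += 2 + length
    return msg

def timers(enquiries):
    """Return (seconds between enquiries, enquiries per full-status cycle)."""
    times = [datetime.strptime(ts, "%H:%M:%S.%f") for ts, _ in enquiries]
    msgs = [parse_lmi(dump) for _, dump in enquiries]
    intervals = sorted({round((b - a).total_seconds())
                        for a, b in zip(times, times[1:])})
    full = [i for i, m in enumerate(msgs) if m.get("report_type") == 0]
    cycles = sorted({b - a for a, b in zip(full, full[1:])})
    return intervals, cycles

# Outgoing StEnq dumps from the first capture (default timers).
BEFORE = [
    ("19:59:57.407", "00 75 95 01 01 01 03 02 7D 7C"),
    ("20:00:07.407", "00 75 95 01 01 01 03 02 7E 7D"),
    ("20:00:17.407", "00 75 95 01 01 01 03 02 7F 7E"),
    ("20:00:27.407", "00 75 95 01 01 01 03 02 80 7F"),
    ("20:00:37.407", "00 75 95 01 01 01 03 02 81 80"),
    ("20:00:47.407", "00 75 95 01 01 00 03 02 82 81"),
]

# Second capture (Keepalive 5, lmi-n391dte 3). The first three entries are
# from the page; the last three are constructed to continue the sequence.
AFTER = [
    ("20:13:52.411", "00 75 95 01 01 01 03 02 DD DC"),
    ("20:13:57.411", "00 75 95 01 01 01 03 02 DE DD"),
    ("20:14:02.411", "00 75 95 01 01 00 03 02 DF DE"),
    ("20:14:07.411", "00 75 95 01 01 01 03 02 E0 DF"),   # constructed
    ("20:14:12.411", "00 75 95 01 01 01 03 02 E1 E0"),   # constructed
    ("20:14:17.411", "00 75 95 01 01 00 03 02 E2 E1"),   # constructed
]

if __name__ == "__main__":
    print(parse_lmi(BEFORE[0][1]))
    print("default timers:", timers(BEFORE))
    print("changed timers:", timers(AFTER))
```

The first series contains only one full status enquiry, so no cycle length can be measured from it; a capture has to span at least two of them.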



Task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 2 - Hub-n-Spoke using Frame-relay Point-to-Point configuration

[Topology diagram: R1 sub-interfaces S0/0.12 10.1.12.1/24, S0/0.13 10.1.13.1/24 and S0/0.14 10.1.14.1/24; R4 S0/0.41 10.1.14.4/24]

IP addressing and DLCI information chart:

Routers                      IP address     Local DLCI   Connecting to:
R1's Frame-relay interface   10.1.12.1/24   102          R2
                             10.1.13.1/24   103          R3
                             10.1.14.1/24   104          R4
R2's Frame-relay interface   10.1.12.2/24   201          R1
R3's Frame-relay interface   10.1.13.3/24   301          R1
R4's Frame-relay interface   10.1.14.4/24   401          R1






Task 1

Configure the routers in a hub and spoke manner using the IP addressing in the above chart.

These routers should be configured with point-to-point sub-interfaces, and ensure that only the assigned DLCIs are used. These DLCIs should be as follows:

> On R1: 102, 103 and 104 should be used for connections to R2, R3 and R4 respectively.

> On R2, R3 and R4: DLCIs 201, 301 and 401 should be used on R2, R3 and R4 respectively for their connection to R1 (the hub).

These routers should be able to ping every IP address within their IP address space.



On R1

R1(config)#Interface S0/0
R1(config-if)#Encap frame
R1(config-if)#No shut
R1(config-if)#Exit

R1(config)#Interface S0/0.12 point-to-point
R1(config-subif)#Ip address 10.1.12.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 102
R1(config-subif)#Exit

R1(config-subif)#Interface S0/0.13 point-to-point
R1(config-subif)#Ip address 10.1.13.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 103
R1(config-subif)#Exit

R1(config-subif)#Interface S0/0.14 point-to-point
R1(config-subif)#Ip address 10.1.14.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 104
R1(config-subif)#Exit

To verify the configuration:

On R1

R1#Show frame map






Serial0/0.12 (up): point-to-point dlci, dlci 102(0x66,0x1860), broadcast
status defined, active
Serial0/0.14 (up): point-to-point dlci, dlci 104(0x68,0x1880), broadcast
status defined, active
Serial0/0.13 (up): point-to-point dlci, dlci 103(0x67,0x1870), broadcast
status defined, active

Note when frame-relay is configured in a point-to-point manner it's important to understand the following two behaviors:

A. There is no need to disable sending inverse-arp packets, because inverse-arp is disabled when frame-relay is configured in a point-to-point manner.

B. No need for frame-relay mappings, because there can only be another router on the other end of the PVC; therefore, all IP addresses (this includes the local router's IP address) are reachable as long as the destination IP address is in the routing table with a valid next hop IP address.

On R2

R2(config)#Int S0/0
R2(config-if)#Encap frame
R2(config-if)#No shut
R2(config-if)#Exit

R2(config)#Int S0/0.21 point-to-point
R2(config-subif)#Ip address 10.1.12.2 255.255.255.0
R2(config-subif)#Frame-relay interface-dlci 201
R2(config-subif)#Exit

To verify and test the configuration:

On R2

R2#Show frame map

Serial0/0.21 (up): point-to-point dlci, dlci 201(0xC9,0x3090), broadcast
status defined, active

R2#Ping 10.1.12.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:






Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R2#Ping 10.1.12.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms

On R3

R3(config)#Int S0/0
R3(config-if)#Encap frame
R3(config-if)#No shut
R3(config-if)#Exit

R3(config)#Int S0/0.31 point-to-point
R3(config-subif)#Ip address 10.1.13.3 255.255.255.0
R3(config-subif)#Frame-relay interface-dlci 301

To verify and test the configuration:

On R3

R3#Show frame map

Serial0/0.31 (up): point-to-point dlci, dlci 301(0x12D,0x48D0), broadcast
status defined, active

R3#Ping 10.1.13.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms
R3#Ping 10.1.13.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms






On R4

R4(config)#Int S0/0

R4(config-if)#Encap frame

R4(config-if)#No shut

R4(config-if)#Exit

R4(config)#Int S0/0.41 point-to-point
R4(config-subif)#Ip address 10.1.14.4 255.255.255.0
R4(config-subif)#Frame-relay interface-dlci 401

To verify and test the configuration:

On R4

R4#Show frame map

Serial0/0.41 (up): point-to-point dlci, dlci 401(0x191,0x6410), broadcast
status defined, active

R4#Ping 10.1.14.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.14.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R4#Ping 10.1.14.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.14.4, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 3 - Mixture of Point-to-point and Multipoint Frame-relay

[Topology diagram: R1 sub-interfaces S0/0.14 10.1.14.1/24 and S0/0.123 10.1.123.1/24]

IP addressing and DLCI information chart:

Routers                      IP address      Local DLCI   Connecting to:
R1's Frame-relay interface   10.1.123.1/24   102          R2
                             10.1.123.1/24   103          R3
                             10.1.14.1/24    104          R4
R2's Frame-relay interface   10.1.123.2/24   201          R1
R3's Frame-relay interface   10.1.123.3/24   301          R1
R4's Frame-relay interface   10.1.14.4/24    401          R1






Task 1

Configure frame-relay on the routers as follows:

R1: This router should be configured in a point-to-point manner for its connection to R4 and in a multipoint manner for its connection to R2 and R3. Use the IP addressing and DLCI information in the above chart.

R2: This router should be configured in a point-to-point manner for its connection to R1. Use the IP addressing and DLCI information in the above chart.

R3: This router should be configured using its main interface for its connection to R1. Use the IP addressing and DLCI information in the above chart.

R4: This router must be configured in a point-to-point manner for its connection to R1. Use the IP addressing and DLCI information in the above chart.

Disable inverse-arp where appropriate. These routers should be able to ping every IP address within their IP address space.



On R1

R1(config)#Int S0/0

R1(config-if)#Encap frame

R1(config-if)#No shut

R1(config-if)#Exit

R1(config)#Int S0/0.123 multipoint
R1(config-subif)#Ip address 10.1.123.1 255.255.255.0
R1(config-subif)#Frame-relay map ip 10.1.123.2 102
R1(config-subif)#Frame-relay map ip 10.1.123.3 103

R1(config)#Int S0/0.14 point-to-point
R1(config-subif)#Ip address 10.1.14.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 104

On R2

R2(config)#Int S0/0
R2(config-if)#Encap frame
R2(config-if)#No shut
R2(config-if)#Exit

R2(config)#Int S0/0.21 point-to-point







R2(config-subif)#Ip address 10.1.123.2 255.255.255.0
R2(config-subif)#Frame-relay interface-dlci 201

Note there is no need to disable sending inverse-arp, because it's disabled when a sub-interface is configured.

To test and verify the configuration:

On R2

R2#Show frame-relay map

Serial0/0.21 (up): point-to-point dlci, dlci 201(0xC9,0x3090), broadcast
status defined, active

R2#Ping 10.1.123.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.123.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

On R3

R3(config)#Int S0/0
R3(config-if)#Encap frame

R3(config-if)#Ip address 10.1.123.3 255.255.255.0
R3(config-if)#Frame-relay map ip 10.1.123.1 301
R3(config-if)#Frame-relay map ip 10.1.123.2 301
R3(config-if)#Frame-relay map ip 10.1.123.3 301
R3(config-if)#No frame-relay inverse-arp
R3(config-if)#No shut

Note inverse-arp should be disabled because the configuration is done directly under the main interface.

To verify and test the configuration:

On R3

R3#Show frame map

Serial0/0 (up): ip 10.1.123.1 dlci 301(0x12D,0x48D0), static,
CISCO, status defined, active






Serial0/0 (up): ip 10.1.123.2 dlci 301(0x12D,0x48D0), static,
CISCO, status defined, active

Serial0/0 (up): ip 10.1.123.3 dlci 301(0x12D,0x48D0), static,
CISCO, status defined, active

R3#Ping 10.1.123.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.123.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

R3#Ping 10.1.123.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.123.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms
R3#Ping 10.1.123.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.123.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

On R4

R4(config)#Int S0/0
R4(config-if)#Encap frame
R4(config-if)#No shut
R4(config-if)#Exit

R4(config)#Int S0/0.41 point-to-point
R4(config-subif)#Ip address 10.1.14.4 255.255.255.0
R4(config-subif)#Frame-relay interface-dlci 401

To verify and test the configuration:

On R4

R4#Show frame map






Serial0/0.41 (up): point-to-point dlci, dlci 401(0x191,0x6410), broadcast
status defined, active

R4#Ping 10.1.14.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.14.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R4#Ping 10.1.14.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.14.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms

Task 2

Erase the startup configuration and reload the routers before proceeding to the next lab.






Lab 4 - Multipoint Frame-relay Without Frame-relay mapping



[Figure: Frame-relay topology. R1 (S0/0, 10.1.100.1/24), R2 (S0/0, 10.1.100.2/24), R3 (S0/0, 10.1.100.3/24) and R4 (S0/0, 10.1.100.4/24) connect to the Frame-relay cloud.]




IP addressing and DLCI information Chart:

Routers                        IP address       Local DLCI   Connecting to:
R1's Frame-relay interface     10.1.100.1/24    102          R2
                                                103          R3
                                                104          R4
R2's Frame-relay interface     10.1.100.2/24    201          R1
R3's Frame-relay interface     10.1.100.3/24    301          R1
R4's Frame-relay interface     10.1.100.4/24    401          R1






Task 1

Configure the routers in a hub and spoke manner, with R1 as the hub and R2, R3 and R4 as the spokes.

Ensure that these routers have full reachability to each other without using the "frame-relay map" command.

Do not use PBR to accomplish this task.

In the following solution PPP is configured on the DLCIs. When PPP is configured, a host route is injected into the routing table; this host route provides NLRI to the next hop IP address.

On R1

R1(config)#Interface S0/0
R1(config-if)#Encap frame-relay
R1(config-if)#Frame-relay interface-dlci 102 ppp Virtual-Template1
R1(config-if)#Frame-relay interface-dlci 103 ppp Virtual-Template1
R1(config-if)#Frame-relay interface-dlci 104 ppp Virtual-Template1

R1(config)#Interface Virtual-template 1
R1(config-if)#Ip address 10.1.100.1 255.255.255.0

On R2

R2(config)#Interface S0/0
R2(config-if)#Encap frame-relay
R2(config-if)#Frame-relay interface-dlci 201 ppp Virtual-template 2

R2(config)#Interface Virtual-template 2
R2(config-if)#Ip address 10.1.100.2 255.255.255.0

On R3

R3(config)#Interface S0/0
R3(config-if)#Encap frame-relay
R3(config-if)#Frame-relay interface-dlci 301 ppp Virtual-template 3

R3(config)#Interface Virtual-template 3
R3(config-if)#Ip address 10.1.100.3 255.255.255.0

On R4

R4(config)#Interface S0/0






R4(config-if)#Encap frame-relay
R4(config-if)#Frame-relay interface-dlci 401 ppp Virtual-template 4

R4(config)#Interface Virtual-template 4
R4(config-if)#Ip address 10.1.100.4 255.255.255.0

To verify and test the configuration:

On R1

The injected host routes

R1#Show ip route | Inc /32

C       10.1.100.4/32 is directly connected, Virtual-Access4
C       10.1.100.3/32 is directly connected, Virtual-Access3
C       10.1.100.2/32 is directly connected, Virtual-Access2

R1#Ping 10.1.100.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R1#Ping 10.1.100.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R1#Ping 10.1.100.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

On R2

R2#Show ip route | Inc /32

C       10.1.100.1/32 is directly connected, Virtual-Access2

R2#Ping 10.1.100.1






Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R2#Ping 10.1.100.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/116 ms

R2#Ping 10.1.100.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

On R3

R3#Show ip route | Inc /32

C       10.1.100.1/32 is directly connected, Virtual-Access2

R3#Ping 10.1.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R3#Ping 10.1.100.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/116 ms

R3#Ping 10.1.100.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.4, timeout is 2 seconds:
!!!!!






Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/116 ms

On R4

R4#Show ip route

C       10.1.100.1/32 is directly connected, Virtual-Access2

R4#Ping 10.1.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R4#Ping 10.1.100.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms

R4#Ping 10.1.100.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 5 - Frame-relay and Authentication 



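[Figure: Frame-relay topology. R1 uses sub-interfaces S0/0.12 (10.1.12.1/24), S0/0.13 (10.1.13.1/24) and S0/0.14 (10.1.14.1/24); R2 uses S0/0.21 (10.1.12.2/24), R3 uses S0/0.31 (10.1.13.3/24) and R4 uses S0/0.41 (10.1.14.4/24).]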





IP addressing and DLCI information Chart:

Routers                        IP address       Local DLCI   Connecting to:
R1's Frame-relay interface     10.1.12.1/24     102          R2
                               10.1.13.1/24     103          R3
                               10.1.14.1/24     104          R4
R2's Frame-relay interface     10.1.12.2/24     201          R1
R3's Frame-relay interface     10.1.13.3/24     301          R1
R4's Frame-relay interface     10.1.14.4/24     401          R1






Task 1

Configure the routers in a hub and spoke manner using the IP addressing in the above chart.

These routers should be configured in a Point-to-Point manner as follows:

> On R1: DLCIs 102, 103 and 104 should be used for its connection to R2, R3 and R4 respectively.

> On R2, R3 and R4: DLCIs 201, 301 and 401 should be used on R2, R3 and R4 respectively for their point-to-point frame-relay connection to R1 (the hub).



On R1

R1(config)#Interface S0/0
R1(config-if)#Encap frame
R1(config-if)#No shut

R1(config)#Interface S0/0.12 point-to-point
R1(config-subif)#Ip address 10.1.12.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 102
R1(config-subif)#Exit

R1(config)#Interface S0/0.13 point-to-point
R1(config-subif)#Ip address 10.1.13.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 103

R1(config)#Interface S0/0.14 point-to-point
R1(config-subif)#Ip address 10.1.14.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 104

To verify the configuration:

On R1

R1#Show frame map

Serial0/0.12 (up): point-to-point dlci, dlci 102(0x66,0x1860), broadcast
          status defined, active
Serial0/0.13 (up): point-to-point dlci, dlci 103(0x67,0x1870), broadcast
          status defined, active
Serial0/0.14 (up): point-to-point dlci, dlci 104(0x68,0x1880), broadcast
          status defined, active






On R2

R2(config)#Int S0/0
R2(config-if)#Encap frame
R2(config-if)#No shut

R2(config)#Int S0/0.21 point-to-point
R2(config-subif)#Ip address 10.1.12.2 255.255.255.0
R2(config-subif)#Frame-relay interface-dlci 201

To verify and test the configuration:

On R2

R2#Show frame map

Serial0/0.21 (up): point-to-point dlci, dlci 201(0xC9,0x3090), broadcast
          status defined, active

R2#Ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

On R3

R3(config)#Int S0/0
R3(config-if)#Encap frame
R3(config-if)#No shut

R3(config)#Int S0/0.31 point-to-point
R3(config-subif)#Ip address 10.1.13.3 255.255.255.0
R3(config-subif)#Frame-relay interface-dlci 301

To verify and test the configuration:

On R3

R3#Show frame map

Serial0/0/0.31 (up): point-to-point dlci, dlci 301(0x12D,0x48D0), broadcast






          status defined, active

R3#Ping 10.1.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

On R4

R4(config)#Int S0/0
R4(config-if)#Encap frame
R4(config-if)#No shut

R4(config)#Int S0/0.41 point-to-point
R4(config-subif)#Ip address 10.1.14.4 255.255.255.0
R4(config-subif)#Frame-relay interface-dlci 401

To verify and test the configuration:

On R4

R4#Show frame map

Serial0/0/0.41 (up): point-to-point dlci, dlci 401(0x191,0x6410), broadcast
          status defined, active

R4#Ping 10.1.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.14.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms



Task 2

Configure authentication on the routers as follows:

A. For R1 and R2's connection:

R1 should send a challenge when it is called by R2.
R2 should NOT authenticate when it is called.




The password for this authentication should be "cisco12".
This authentication should be successful even if the host name of the router is changed.

B. For R1 and R3's connection:

R1 should NOT authenticate when it is called.
R3 should use PAP authentication when it is called by R1.
The password for this authentication should be "cisco13".
The host name of the router should be used for this authentication.

C. For R1 and R4's connection:

R1 should send a challenge when it is called by R4.
R4 should use PAP authentication when it's called by R1.
The password for CHAP authentication should be "cisco", whereas the password for PAP should be set to "ciscoPAP" and the hostname should be configured to be "R1-PAP".



For R1 and R2's connection:

On R1

R1(config)#Username R2 password cisco12

R1(config)#Int S0/0.12
R1(config-if)#No IP addr
R1(config-if)#Frame-relay interface-dlci 102 ppp virtual-template 12

R1(config)#Int S0/0.13
R1(config-subif)#No IP address
R1(config-subif)#Frame-relay interface-dlci 103 ppp virtual-template 13

R1(config)#Int S0/0.14
R1(config-subif)#No IP address
R1(config-subif)#Frame-relay interface-dlci 104 ppp virtual-template 14

R1(config)#Int Virtual-Template12
R1(config-if)#Ip address 10.1.12.1 255.255.255.0
R1(config-if)#ppp authentication chap callin
R1(config-if)#ppp chap hostname R1

On R2

R2(config)#Username R1 password cisco12






R2(config)#Int S0/0.21
R2(config-subif)#No IP addr
R2(config-subif)#Frame-relay interface-dlci 201 ppp virtual-template 21

R2(config)#Int Virtual-Template21
R2(config-if)#Ip address 10.1.12.2 255.255.255.0
R2(config-if)#ppp chap hostname R2

To test and verify the configuration:

On R2

R2#Debug ppp authentication

R2(config)#Int S0/0
R2(config-if)#Shut
R2(config-if)#No shut

R2(config-if)#do Ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:

*Nov 25 23:20:57.783: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Nov 25 23:20:59.639: Vi2 CHAP: I CHALLENGE id 17 len 23 from "R1"
*Nov 25 23:20:59.639: Vi2 CHAP: Using hostname from interface CHAP
*Nov 25 23:20:59.643: Vi2 CHAP: Using password from AAA
*Nov 25 23:20:59.643: Vi2 CHAP: O RESPONSE id 17 len 23 from "R2"
*Nov 25 23:20:59.659: Vi2 CHAP: I SUCCESS id 17 len 4.
*Nov 25 23:21:00.659: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up..

Success rate is 20 percent (1/5), round-trip min/avg/max = 60/60/60 ms

The output of the above debug command shows the "Challenge" packet coming Inbound, the "Response" packet going Outbound, and the "Success" coming Inbound.

For R1 and R3's connection:

On R1

R1(config)#Int Virtual-Template13
R1(config-if)#Ip address 10.1.13.1 255.255.255.0






R1(config-if)#ppp pap sent-username R1 password cisco13

On R3

R3(config)#Username R1 password cisco13

R3(config)#Int S0/0.31
R3(config-subif)#No IP address
R3(config-subif)#Frame-relay interface-dlci 301 ppp virtual-template 31

R3(config)#Int Virtual-Template31
R3(config-if)#Ip address 10.1.13.3 255.255.255.0
R3(config-if)#ppp authentication pap callin

To test and verify the configuration:

On R3

R3#Debug ppp authentication

R3(config)#Int S0/0
R3(config-if)#Shut
R3(config-if)#No shut

R3(config-if)#Do Ping 10.1.13.1

*Nov 25 23:36:41.419: Vi2 PPP: Authorization required
*Nov 25 23:36:41.439: Vi2 PAP: I AUTH-REQ id 3 len 15 from "R1"
*Nov 25 23:36:41.439: Vi2 PAP: Authenticating peer R1
*Nov 25 23:36:41.439: Vi2 PPP: Sent PAP LOGIN Request
*Nov 25 23:36:41.439: Vi2 PPP: Received LOGIN Response PASS
*Nov 25 23:36:41.443: Vi2 PPP: Sent LCP AUTHOR Request
*Nov 25 23:36:41.443: Vi2 PPP: Sent IPCP AUTHOR Request
*Nov 25 23:36:41.443: Vi2 LCP: Received AAA AUTHOR Response PASS
*Nov 25 23:36:41.443: Vi2 IPCP: Received AAA AUTHOR Response PASS
*Nov 25 23:36:41.443: Vi2 PAP: O AUTH-ACK id 3 len 5
*Nov 25 23:36:41.455: Vi2 PPP: Sent IPCP AUTHOR Request

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms






For R1 and R4's connection:

On R1

R1(config)#Username R4 password cisco

R1(config)#Int Virtual-Template14
R1(config)#IP address 10.1.14.1 255.255.255.0
R1(config)# ppp authentication chap callin
R1(config)# ppp pap sent-username R1-PAP password 0 ciscoPAP

On R4

R4(config)#Username R1-PAP password ciscoPAP
R4(config)#Username R1 password cisco

R4(config)#Int S0/0.41
R4(config-subif)#No ip address
R4(config-subif)#Frame-relay interface-dlci 401 ppp virtual-template 41

R4(config)#Int Virtual-Template41
R4(config-if)#IP address 10.1.14.4 255.255.255.0
R4(config-if)#ppp authentication pap callin

To test and verify the configuration:

On R4

R4#Debug ppp authentication

R4(config)#Int S0/0
R4(config-if)#Shut
R4(config-if)#No shut

R4(config-if)#Do Ping 10.1.14.1

*Mar 2 06:01:36.303: Vi1 PAP: I AUTH-REQ id 6 len 20 from "R1-PAP"
*Mar 2 06:01:36.303: Vi1 PAP: Authenticating peer R1-PAP
*Mar 2 06:01:36.307: Vi1 PPP: Sent PAP LOGIN Request
*Mar 2 06:01:36.311: Vi1 PPP: Received LOGIN Response PASS
*Mar 2 06:01:36.311: Vi1 CHAP: I CHALLENGE id 6 len 23 from "R1"
*Mar 2 06:01:36.315: Vi1 CHAP: O RESPONSE id 6 len 23 from "R4"
*Mar 2 06:01:36.319: Vi1 LCP: Received AAA AUTHOR Response PASS.!






Success rate is 20 percent (1/5), round-trip min/avg/max = 56/56/56 ms

*Mar 2 06:01:36.319: Vi1 IPCP: Received AAA AUTHOR Response PASS
*Mar 2 06:01:36.319: Vi1 PAP: O AUTH-ACK id 6 len 5
*Mar 2 06:01:36.339: Vi1 CHAP: I SUCCESS id 6 len 4
*Mar 2 06:01:36.343: Vi1 PPP: Sent IPCP AUTHOR Request
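
The PAP and CHAP exchanges seen in the debugs above, rebuilt as an added example (not part of the workbook and not IOS code): it packs the packets in the RFC 1334 and RFC 1994 layouts using this lab's names and passwords, so the packet lengths can be compared with the "len" values in the debug output and the difference in what crosses the link is visible. The function and class names and the fixed challenge bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST, PAP_AUTH_ACK = 1, 2
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS = 1, 2, 3


def pap_auth_request(ident, peer_id, password):
    """RFC 1334: Code | Id | Length | Peer-ID-Len | Peer-ID | Passwd-Len | Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def pap_auth_ack(ident, message=b""):
    """RFC 1334: Code | Id | Length | Msg-Length | Message."""
    body = bytes([len(message)]) + message
    return struct.pack("!BBH", PAP_AUTH_ACK, ident, 4 + len(body)) + body


def chap_packet(code, ident, value, name):
    """RFC 1994 Challenge/Response: Code | Id | Length | Value-Size | Value | Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def parse_chap(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    size = packet[4]
    return code, ident, packet[5:5 + size], packet[5 + size:length]


def chap_digest(ident, secret, challenge):
    """CHAP with MD5: hash over Identifier, then the secret, then the challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class Authenticator:
    """The challenging side, e.g. R1 with 'ppp authentication chap callin'."""

    def __init__(self, name, users):
        self.name = name          # name sent in the challenge ('ppp chap hostname')
        self.users = users        # peer name -> shared secret ('username ... password')
        self.pending = {}         # outstanding challenges by identifier

    def challenge(self, ident, value=None):
        value = os.urandom(16) if value is None else value
        self.pending[ident] = value
        return chap_packet(CHAP_CHALLENGE, ident, value, self.name)

    def verify(self, response):
        code, ident, digest, peer = parse_chap(response)
        secret = self.users.get(peer)
        value = self.pending.pop(ident, None)   # one use only, so a replay fails
        if code != CHAP_RESPONSE or secret is None or value is None:
            return False
        return hmac.compare_digest(digest, chap_digest(ident, secret, value))


def chap_respond(challenge, name, users):
    """The challenged side looks up the secret by the name in the challenge."""
    _, ident, value, challenger = parse_chap(challenge)
    digest = chap_digest(ident, users[challenger], value)
    return chap_packet(CHAP_RESPONSE, ident, digest, name)


def demo():
    """Replay the lab's exchanges with a constructed, fixed challenge value."""
    r1 = Authenticator(b"R1", {b"R2": b"cisco12"})
    challenge = r1.challenge(17, bytes(range(16)))
    response = chap_respond(challenge, b"R2", {b"R1": b"cisco12"})
    pap_r3 = pap_auth_request(3, b"R1", b"cisco13")
    pap_r4 = pap_auth_request(6, b"R1-PAP", b"ciscoPAP")
    return {
        "chap_challenge_len": len(challenge),    # debug: CHALLENGE id 17 len 23
        "chap_response_len": len(response),      # debug: RESPONSE id 17 len 23
        "chap_accepted": r1.verify(response),
        "chap_secret_on_wire": b"cisco12" in challenge + response,
        "pap_r3_len": len(pap_r3),               # debug: AUTH-REQ id 3 len 15
        "pap_r4_len": len(pap_r4),               # debug: AUTH-REQ id 6 len 20
        "pap_ack_len": len(pap_auth_ack(3)),     # debug: AUTH-ACK id 3 len 5
        "pap_password_on_wire": b"cisco13" in pap_r3,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The PAP request carries the password itself, while the CHAP response carries only a digest bound to that one challenge, which is why the same response is rejected when presented a second time.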



Task 3

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 6 - Frame-relay End-to-End Keepalive 



[Figure: Frame-relay topology. R1 uses sub-interfaces S0/0.12 (10.1.12.1/24), S0/0.13 (10.1.13.1/24) and S0/0.14 (10.1.14.1/24); R2 uses S0/0.21 (10.1.12.2/24), R3 uses S0/0.31 (10.1.13.3/24) and R4 uses S0/0.41 (10.1.14.4/24).]

IP addressing and DLCI information Chart:

Routers                        IP address       Local DLCI   Connecting to:
R1's Frame-relay interface     10.1.12.1/24     102          R2
                               10.1.13.1/24     103          R3
                               10.1.14.1/24     104          R4
R2's Frame-relay interface     10.1.12.2/24     201          R1
R3's Frame-relay interface     10.1.13.3/24     301          R1
R4's Frame-relay interface     10.1.14.4/24     401          R1






Task 1

Configure the routers in a hub and spoke manner using the IP addressing in the above chart.

These routers should be configured in a Point-to-Point manner as follows:

> On R1: DLCIs 102, 103 and 104 should be used for its connection to R2, R3 and R4 respectively.

> On R2, R3 and R4: DLCIs 201, 301 and 401 should be used on R2, R3 and R4 respectively for their point-to-point frame-relay connection to R1 (the hub).



On R1

R1(config)#Interface S0/0
R1(config-if)#Encap frame
R1(config-if)#No shut

R1(config)#Interface S0/0.12 point-to-point
R1(config-subif)#Ip address 10.1.12.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 102

R1(config)#Interface S0/0.13 point-to-point
R1(config-subif)#Ip address 10.1.13.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 103

R1(config)#Interface S0/0.14 point-to-point
R1(config-subif)#Ip address 10.1.14.1 255.255.255.0
R1(config-subif)#Frame-relay interface-dlci 104

To verify the configuration:

On R1

R1#Show frame map

Serial0/0.12 (up): point-to-point dlci, dlci 102(0x66,0x1860), broadcast
          status defined, active
Serial0/0.13 (up): point-to-point dlci, dlci 103(0x67,0x1870), broadcast
          status defined, active
Serial0/0.14 (up): point-to-point dlci, dlci 104(0x68,0x1880), broadcast
          status defined, active






On R2

R2(config-subif)#Int S0/0
R2(config-if)#Encap frame
R2(config-if)#No shut

R2(config)#Int S0/0.21 point-to-point
R2(config-subif)#Ip address 10.1.12.2 255.255.255.0
R2(config-subif)#Frame-relay interface-dlci 201

To verify and test the configuration:

On R2

R2#Show frame map

Serial0/0.21 (up): point-to-point dlci, dlci 201(0xC9,0x3090), broadcast
          status defined, active

R2#Ping 10.1.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

On R3

R3(config-subif)#Int S0/0
R3(config-if)#Encap frame
R3(config-if)#No shut

R3(config-subif)#Int S0/0.31 point-to-point
R3(config-subif)#Ip address 10.1.13.3 255.255.255.0
R3(config-subif)#Frame-relay interface-dlci 301

To verify and test the configuration:

On R3

R3#Show frame map

Serial0/0.31 (up): point-to-point dlci, dlci 301(0x12D,0x48D0), broadcast






          status defined, active

R3#Ping 10.1.13.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

On R4

R4(config-subif)#Int S0/0
R4(config-if)#Encap frame
R4(config-if)#No shut

R4(config-subif)#Int S0/0.41 point-to-point
R4(config-subif)#Ip address 10.1.14.4 255.255.255.0
R4(config-subif)#Frame-relay interface-dlci 401

To verify and test the configuration:

On R4

R4#Show frame map

Serial0/0.41 (up): point-to-point dlci, dlci 401(0x191,0x6410), broadcast
          status defined, active

R4#Ping 10.1.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.14.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms



Task 2

Configure Frame-relay end-to-end keepalives on R1 and R2. These routers should be configured in bidirectional mode using the default values.

Routers depend on the LMIs to maintain the status of an active connection, since






the intermediate switches in the cloud may not support NNI LMIs, FREEK can be used to provide the local router with the status of the remote end. FREEK accomplishes this by providing an end-to-end keepalive; this keepalive runs on the data DLCI (16-997) and not the LMI DLCI (Cisco LMI uses DLCI 1023, and Q933a and ANSI use DLCI 0).

FREEK maintains two internal keepalives:

> The first one is used to send out keepalive requests and to handle responses to the requests; this is considered the send side.

> The second one is to handle and reply to the requests; this is considered the receive side.

At the send side, when the timer expires, the send side transmits a keepalive and waits for a reply. When the send side receives the reply before the timer expires, a frame-relay keepalive is recorded. If the timer expires and no keepalives are received, an error event is recorded.

If a sufficient number of error events are observed, the PVC will transition to a down state. The number of events necessary to change the status from up to down is known as event window.

Some of the parameters and values can be changed as follows:

Frame-relay end-to-end keepalive [send | receive] error-threshold
This command configures the number of frame-relay end-to-end keepalive errors that must occur in the event window before the interface goes down. Default is 2, and the maximum number is 32.

Frame-relay end-to-end keepalive [send | receive] success-events
This command configures the number of frame-relay end-to-end keepalive successes that must occur before the interface comes up. Default is 2, and the maximum number is 32.

Frame-relay end-to-end keepalive [send | receive] timer
This command configures end-to-end keepalive timers; this can be configured for the send or receive side.

Frame-relay end-to-end keepalive event-window
This command tells the IOS to keep track of x number of most recent events.
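
How the event window, error threshold and success events described above interact, as an added example (not part of the workbook): a simplified model of one keepalive side, not IOS's implementation. The class and function names are hypothetical, and emptying the window on recovery is an assumption made for the model.

```python
from collections import deque


class EekSide:
    """One side (send or receive) of an end-to-end keepalive monitor.

    Simplified model of the behaviour the text describes: the VC goes
    DOWN once `error_threshold` errors sit inside the last `event_window`
    events, and comes back UP after `success_events` successes in a row.
    """

    def __init__(self, event_window=3, error_threshold=2, success_events=2):
        if not 1 <= error_threshold <= event_window:
            raise ValueError("error threshold must fit inside the event window")
        if success_events < 1:
            raise ValueError("success events must be at least 1")
        self.window = deque(maxlen=event_window)   # only the most recent events
        self.error_threshold = error_threshold
        self.success_events = success_events
        self.successive = 0
        self.total_events = 0
        self.total_errors = 0
        self.up = True

    def record(self, success):
        """Record one timer interval: True = keepalive seen, False = error event."""
        self.window.append(success)
        self.total_events += 1
        if success:
            self.successive += 1
        else:
            self.successive = 0
            self.total_errors += 1
        errors = sum(1 for ok in self.window if not ok)
        if self.up and errors >= self.error_threshold:
            self.up = False
        elif not self.up and self.successive >= self.success_events:
            self.up = True
            # Assumption: monitoring restarts with an empty window after recovery.
            self.window.clear()
            self.successive = 0
        return self.up


def replay(pattern, **policy):
    """Feed 'S' (success) and 'E' (error) events; return 'U' or 'D' after each."""
    side = EekSide(**policy)
    return "".join("U" if side.record(ch == "S") else "D" for ch in pattern)


def seconds_until_down(pattern, timer, **policy):
    """Seconds from the start of the pattern to the first DOWN state, or None."""
    first = replay(pattern, **policy).find("D")
    return None if first < 0 else (first + 1) * timer


# A policy of three errors within 5 events down, four successes in a row up.
STRICT_POLICY = dict(event_window=5, error_threshold=3, success_events=4)

if __name__ == "__main__":
    # Defaults from the text: window 3, error threshold 2, success events 2.
    print(replay("SSESESS"))
    # Errors clustered inside the window take the VC down; four successes restore it.
    print(replay("EESSESSSS", **STRICT_POLICY))
    # Isolated errors never reach the threshold within any 5-event window.
    print(replay("ESSSSESSSSE", **STRICT_POLICY))
    # With a 20-second timer, three straight errors are noticed after 60 seconds.
    print(seconds_until_down("EEE", 20, **STRICT_POLICY))
```

A larger window with a higher threshold tolerates isolated losses, at the cost of a longer delay before a dead remote end is declared down.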

On R1

R1(config)#Map-class frame-relay TST12
R1(config-map-class)#frame-relay end-to-end keepalive mode bidirectional






R1(config)#Int Serial0/0.12 point-to-point
R1(config-subif)#frame-relay interface-dlci 102
R1(config-fr-dlci)#class TST12

To verify the configuration:

On R1

R1#Show frame-relay end-to-end keepalive interface S0/0.12

End-to-end Keepalive Statistics for Interface Serial0/0.21 (Frame Relay DTE)

DLCI = 201, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

SEND SIDE STATISTICS

Send Sequence Number: 3,        Receive Sequence Number: 4
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 6,       Total Observed Errors: 0
Monitored Events: 3,            Monitored Errors: 0
Successive Successes: 3,        End-to-end VC Status: UP

RECEIVE SIDE STATISTICS

Send Sequence Number: 3,        Receive Sequence Number: 2
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 5,       Total Observed Errors: 0
Monitored Events: 3,            Monitored Errors: 0
Successive Successes: 3,        End-to-end VC Status: UP

On R2

R2(config)#map-class frame-relay TEST
R2(config-map-class)#frame-relay end-to-end keepalive mode bidirectional

R2(config)#interface Serial0/0.21 point-to-point
R2(config-subif)#frame interface-dlci 201
R2(config-fr-dlci)#class TEST

To verify the configuration:

On R2






R2#Show frame-relay end-to-end keepalive interface S0/0.21

End-to-end Keepalive Statistics for Interface Serial0/0.21 (Frame Relay DTE)

DLCI = 201, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

SEND SIDE STATISTICS

Send Sequence Number: 4,        Receive Sequence Number: 3
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 6,       Total Observed Errors: 0
Monitored Events: 3,            Monitored Errors: 0
Successive Successes: 3,        End-to-end VC Status: UP

RECEIVE SIDE STATISTICS

Send Sequence Number: 3,        Receive Sequence Number: 2
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 5,       Total Observed Errors: 0
Monitored Events: 3,            Monitored Errors: 0
Successive Successes: 3,        End-to-end VC Status: UP

To test the configuration:

On R2

R2(config)#Int S0/0.21
R2(config-subif)#Shut

On R1

R1#Show frame end keep inter S0/0.12

End-to-end Keepalive Statistics for Interface Serial0/0.12 (Frame Relay DTE)

DLCI = 102, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK DOWN)

SEND SIDE STATISTICS

Send Sequence Number: 29,       Receive Sequence Number: 28
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 42,      Total Observed Errors: 12
Monitored Events: 3,            Monitored Errors: 1
Successive Successes: 0,        End-to-end VC Status: UP






RECEIVE SIDE STATISTICS

Send Sequence Number: 28,       Receive Sequence Number: 27
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 39,      Total Observed Errors: 9
Monitored Events: 3,            Monitored Errors: 2
Successive Successes: 0,        End-to-end VC Status: DOWN

R1#Show ip int brie

Interface          IP-Address   OK?  Method  Status                 Protocol
FastEthernet0/0    unassigned   YES  unset   administratively down  down
FastEthernet0/1    unassigned   YES  unset   administratively down  down
Serial0/0          unassigned   YES  unset   up                     up
Serial0/0.12       10.1.12.1    YES  manual  down                   down
Serial0/0.13       10.1.13.1    YES  manual  up                     up
Serial0/0.14       10.1.14.1    YES  manual  up                     up

Note the default configured error threshold is 2; therefore, when R1 did not receive two replies within three events, its sub-interface S0/0.12 transitioned into down/down state. But the main interface (S0/0) is still in up/up state.

To test the success events:

On R2

R2(config)#Interface S0/0.21
R2(config-subif)#No shut

On R1

R1#Sh frame end keep inter S0/0.12

End-to-end Keepalive Statistics for Interface Serial0/0.12 (Frame Relay DTE)

DLCI = 102, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

SEND SIDE STATISTICS

Send Sequence Number: 105,      Receive Sequence Number: 30
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 119,     Total Observed Errors: 87
Monitored Events: 0,            Monitored Errors: 0
Successive Successes: 0,        End-to-end VC Status: UP






RECEIVE SIDE STATISTICS

Send Sequence Number: 30,       Receive Sequence Number: 29
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 90,      Total Observed Errors: 58
Monitored Events: 0,            Monitored Errors: 0
Successive Successes: 0,        End-to-end VC Status: UP

Note after three success events in a row, the sub-interface is transitioned into up/up state.

Task 3

Configure Frame-relay end-to-end keepalives for the VC that connects R1 to R3. R1 should be configured in request mode whereas R3 should be configured in reply mode using the default values.

On R1

R1(config)#Map-class frame-relay TST13
R1(config-map-class)#frame-relay end-to-end keepalive mode request

R1(config)#interface Serial0/0.13 point-to-point
R1(config-subif)#frame-relay interface-dlci 103
R1(config-fr-dlci)#class TST13

To verify the configuration:

On R1

R1#Show frame-relay end-to-end keepalive interface S0/0.13

End-to-end Keepalive Statistics for Interface Serial0/0.13 (Frame Relay DTE)

DLCI = 103, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

SEND SIDE STATISTICS

Send Sequence Number: 255,      Receive Sequence Number: 1
Configured Event Window: 3,     Configured Error Threshold: 2






Total Observed Events: 7,       Total Observed Errors: 4
Monitored Events: 2,            Monitored Errors: 0
Successive Successes: 2,        End-to-end VC Status: UP

On R3

R3(config)#map-class frame-relay TST31
R3(config-map-class)#frame-relay end-to-end keepalive mode reply

R3(config)#interface Serial0/0.31 point-to-point
R3(config-subif)#frame-relay interface-dlci 301
R3(config-fr-dlci)#class TST31

To verify the configuration:

On R3

R3#Show frame end-to-end keepalive Interface S0/0.31

End-to-end Keepalive Statistics for Interface Serial0/0.31 (Frame Relay DTE)

DLCI = 301, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

RECEIVE SIDE STATISTICS

Send Sequence Number: 15,       Receive Sequence Number: 14
Configured Event Window: 3,     Configured Error Threshold: 2
Total Observed Events: 17,      Total Observed Errors: 0
Monitored Events: 3,            Monitored Errors: 0
Successive Successes: 3,        End-to-end VC Status: UP

To test the configuration:

On R1

R1(config)#Int S0/0.13
R1(config-subif)#Shut

On R3

R3#Show frame end-to-end keepalive Interface S0/0.31

End-to-end Keepalive Statistics for Interface Serial0/0.31 (Frame Relay DTE)






DLC1 = 301, DLC1 USAGE = LOCAL, VC STATUS = ACTIVE (EEK DOWN) 

RECEIVE SIDE STATISTICS 

Send Sequence Number: 24, Receive Sequence Number: 23 

Configured Event Window: 3, Configured Error Threshold: 2 

Total Observed Events: 31, Total Observed Errors: 5 

Monitored Events: 3 S Monitored Errors: 2 

Successive Suec esses: 0, End -to -end VC Status: DOWN 

To test the success events: 

On Kl 

Rl(config)#]nt SO/0.13 
Rl(eonfig-subif)No shut 

On R3 

RJ#Show frame end-to-end kccpalivc Interlace SO 0.3 1 

End-to-end Kccpalivc Statistics for Interface ScrialO 0.3 1 (Frame Relay DTE) 

DLC1 = 301, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP) 

RECEIVE SIDE STATISTICS 

Send Sequence Number: 26, Receive Sequence Number: 25 
Configured Event Window: 3, Configured Error Threshold: 2 
Total Observed Events: 42, Total Observed Errors: 14 

Monitored Events: 0, Monitored Errors:

Successive Successes: 0, End-to-end VC Status: UP

Note the sub-interface S0/0.31 on R3 transitioned into up/up state.



Task 4 

Configure Frame-relay end-to-end keepalives for the VC that connects R1 to R4. These
two routers should be configured in bidirectional mode using the following policy:






If these routers have three errors within 5 events, the sub-interface should transition into
down/down state, and if they have four success events in a row, the sub-interface should
transition into up/up state. Ensure that the keepalives are exchanged every 20 seconds.



On R1

R1(config)#Map-class frame-relay TST14

R1(config-map-class)#frame-relay end-to-end keepalive mode bidirectional
R1(config-map-class)#frame-relay end-to-end keepalive event-window recv 5
R1(config-map-class)#frame-relay end-to-end keepalive event-window send 5

R1(config-map-class)#frame-relay end-to-end keepalive error-threshold recv 3
R1(config-map-class)#frame-relay end-to-end keepalive error-threshold send 3

R1(config-map-class)#frame-relay end-to-end keepalive success-events recv 4
R1(config-map-class)#frame-relay end-to-end keepalive success-events send 4

R1(config-map-class)#frame-relay end-to-end keepalive timer recv 20
R1(config-map-class)#frame-relay end-to-end keepalive timer send 20

R1(config)#Int Serial0/0.14 point-to-point

R1(config-subif)#frame-relay interface-dlci 104

R1(config-subif)#class TST14

To verify the configuration: 
On R1

R1#Show frame-relay end-to-end keepalive interface S0/0.14

End-to-end Keepalive Statistics for Interface Serial0/0.14 (Frame Relay DTE)

DLCI = 104, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP)

SEND SIDE STATISTICS

Send Sequence Number: 7, Receive Sequence Number: 8

Configured Event Window: 5, Configured Error Threshold: 3

Total Observed Events: 19, Total Observed Errors: 9

Monitored Events: 5, Monitored Errors:

Successive Successes: 5, End-to-end VC Status: UP

RECEIVE SIDE STATISTICS 






Send Sequence Number: 9, Receive Sequence Number: 8

Configured Event Window: 5, Configured Error Threshold: 3

Total Observed Events: 19, Total Observed Errors: 8

Monitored Events: 5, Monitored Errors:

Successive Successes: 5, End-to-end VC Status: UP

On R4

R4(config)#Map-class frame-relay TST41
R4(config-map-class)#frame-relay end-to-end keepalive mode bidirectional

R4(config-map-class)#frame-relay end-to-end keepalive event-window recv 5
R4(config-map-class)#frame-relay end-to-end keepalive event-window send 5

R4(config-map-class)#frame-relay end-to-end keepalive error-threshold recv 3
R4(config-map-class)#frame-relay end-to-end keepalive error-threshold send 3

R4(config-map-class)#frame-relay end-to-end keepalive success-events recv 4
R4(config-map-class)#frame-relay end-to-end keepalive success-events send 4

R4(config-map-class)#frame-relay end-to-end keepalive timer recv 20
R4(config-map-class)#frame-relay end-to-end keepalive timer send 20

R4(config)#Int Serial0/0.41 point-to-point
R4(config-subif)#frame-relay interface-dlci 401
R4(config-fr-dlci)#class TST41

To verify the configuration:

On R4

R4#Show frame-relay end-to-end keepalive interface S0/0.41

End-to-end Keepalive Statistics for Interface Serial0/0.41 (Frame Relay DTE)

DLCI = 401, DLCI USAGE = LOCAL, VC STATUS = ACTIVE (EEK UP) 

SEND SIDE STATISTICS 

Send Sequence Number: 11, Receive Sequence Number: 12 
Configured Event Window: 5, Configured Error Threshold: 3 
Total Observed Events: 14, Total Observed Errors: 
Monitored Events: 5, Monitored Errors: 

Successive Successes: 5, End-to-end VC Status: UP 






RECEIVE SIDE STATISTICS

Send Sequence Number: 11, Receive Sequence Number: 10
Configured Event Window: 5, Configured Error Threshold:
Total Observed Events: 13, Total Observed Errors: 0
Monitored Events: 5, Monitored Errors:

Successive Successes: 5, End-to-end VC Status: UP
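The up/down policy from Task 4 (a 5-event window, 3 errors to go down, 4 successes in a row to come back up) can be traced with a small model. This is an added example, not part of the workbook and not Cisco's implementation; the class name, the S/E event notation, starting in the DOWN state and clearing the window when the VC comes up are assumptions of the model.

```python
from collections import deque


class EekMonitor:
    """Simplified model of one side (send or recv) of an end-to-end keepalive.

    Assumed behaviour: the last `event_window` events are monitored; the VC
    goes DOWN when at least `error_threshold` of them are errors and comes
    back UP after `success_events` consecutive successes.
    """

    def __init__(self, event_window, error_threshold, success_events):
        if not 1 <= error_threshold <= event_window:
            raise ValueError("error threshold must be between 1 and the event window")
        if success_events < 1:
            raise ValueError("success events must be at least 1")
        self.error_threshold = error_threshold
        self.success_events = success_events
        self.window = deque(maxlen=event_window)  # True = success, False = error
        self.successive = 0
        self.up = False                           # assumption: start DOWN

    def event(self, ok):
        """Record one keepalive event and return the resulting status."""
        self.window.append(ok)
        self.successive = self.successive + 1 if ok else 0
        if self.up:
            if self.window.count(False) >= self.error_threshold:
                self.up = False
        elif self.successive >= self.success_events:
            self.up = True
            # Assumption: counters restart once the VC is declared UP.
            self.window.clear()
            self.successive = 0
        return self.up


def simulate(pattern, event_window=5, error_threshold=3, success_events=4):
    """Feed a string of 'S' (success) / 'E' (error) events through the model.

    Returns one character per event: 'U' for UP, 'D' for DOWN.
    The defaults are the Task 4 policy.
    """
    monitor = EekMonitor(event_window, error_threshold, success_events)
    states = []
    for ch in pattern:
        if ch not in "SE":
            raise ValueError(f"unknown event {ch!r}")
        states.append("U" if monitor.event(ch == "S") else "D")
    return "".join(states)


if __name__ == "__main__":
    # Constructed event sequences, not captured from a router.
    for events in ("SSSSEEESSSS", "SSSSESESE", "SSSSESSESSE"):
        print(events, "->", simulate(events))
```

The third sequence shows why the window matters: three errors spread over seven events never put three errors inside any 5-event window, so the VC stays up.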





Task 5 



Erase the startup config and reload the routers before proceeding to the next lab






Lab 7 - Tricky Frame-relay configuration



[Figure: lab topology. Surviving labels: 1.1.1.1/8, 2.2.2.2/8, 3.3.3.3/8 and 4.4.4.4/8, each with interface S0/0.]

IP addressing and DLCI information Chart:

Routers                        IP address           Local DLCI   Connecting to:
R1's Loopback interface        1.1.1.1 /8
R1's Frame-relay interface     Ip unnumbered Lo0    102          R2
                               Ip unnumbered Lo0    103          R3
                               Ip unnumbered Lo0    104          R4
R2's Loopback interface        2.2.2.2 /8
R2's Frame-relay interface     Ip unnumbered Lo0    201          R1
R3's Loopback interface        3.3.3.3 /8
R3's Frame-relay interface     Ip unnumbered Lo0    301          R1
R4's Loopback interface        4.4.4.4 /8
R4's Frame-relay interface     Ip unnumbered Lo0    401          R1






Task 1 

Configure the routers in a hub and spoke manner using the IP addressing in the above
chart.

The hub router (R1): This router should use DLCIs 102, 103 and 104 for its
connection to R2, R3 and R4 respectively. This router should
be configured in a multipoint manner.

The spokes, R2, R3 and R4: DLCIs 201, 301 and 401 should be used by R2, R3
and R4 respectively for their frame-relay connection to R1
(the hub).

Ensure that these routers have full reachability to every Loopback interface; this should
include their own. You should NOT use "Frame-relay map", and/or static/dynamic
routing to accomplish this task.

None of the routers should be configured with sub-interfaces.



On R1

R1(config)#Int S0/0
R1(config-if)#Encap frame-relay
R1(config-if)#Frame-relay interface-dlci 102 ppp virtual-template 1
R1(config-if)#Frame-relay interface-dlci 103 ppp virtual-template 1
R1(config-if)#Frame-relay interface-dlci 104 ppp virtual-template 1

R1(config)#Int Virtual-template 1
R1(config-if)#Ip unnumbered Lo0

R1(config)#Int Lo0
R1(config-if)#Ip address 1.1.1.1 255.0.0.0

On R2

R2(config)#Int S0/0
R2(config-if)#Encap frame-relay
R2(config-if)#Frame-relay interface-dlci 201 ppp virtual-template 2

R2(config)#Int Virtual-template 2
R2(config-if)#Ip unnumbered Lo0

R2(config)#Int Lo0
R2(config-if)#Ip address 2.2.2.2 255.0.0.0






On R3

R3(config)#Int S0/0
R3(config-if)#Encap frame-relay
R3(config-if)#Frame-relay interface-dlci 301 ppp virtual-template 3

R3(config)#Int Virtual-template 3
R2(config-if)#Ip unnumbered Lo0

R3(config)#Int Lo0
R3(config-if)#Ip address 3.3.3.3 255.0.0.0

On R4

R4(config)#Int S0/0
R4(config-if)#Encap frame-relay
R4(config-if)#Frame-relay interface-dlci 401 ppp virtual-template 4

R4(config)#Int Virtual-template 4
R4(config-if)#Ip unnumbered Lo0

R4(config)#Int Lo0
R4(config-if)#Ip address 4.4.4.4 255.0.0.0

To verify and test connectivity between the hub and its attached

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0

     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Virtual-Access1






     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Virtual-Access2

     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Virtual-Access3

Note when PPP is configured, in the last step of PPP connection, IPCP creates a host
route for the router's interface that is connected to your local router. This behavior
can be disabled using the "no peer neighbor-route" command. Note because of this
behavior in PPP, R1 should have connectivity to every spoke, as follows:

On R1

R1#Ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R1#Ping 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R1#Ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R1#Ping 4.4.4.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

On R2

R2#Show ip route






Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Virtual-Access1
C    2.0.0.0/8 is directly connected, Loopback0

Note R2 has reachability to R1 but NOT to any of the spokes

R2#Ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R2#Ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 0 percent (0/5)

R2#Ping 4.4.4.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

Success rate is 0 percent (0/5)

On R3

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2






       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Virtual-Access1

C    3.0.0.0/8 is directly connected, Loopback0

Note R3 has reachability to R1 but NOT to any of the spokes

R3#Ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R3#Ping 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Success rate is 0 percent (0/5)

R3#Ping 4.4.4.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

Success rate is 0 percent (0/5)

On R4

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route






       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Virtual-Access1

C    2.0.0.0/8 is directly connected, Loopback0

Note R4 has reachability to R1 but NOT to any of the spokes

R4#Ping 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R4#Ping 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Success rate is 0 percent (0/5)

R4#Ping 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 0 percent (0/5)

PBR can be configured to provide reachability between the spokes as follows:

On R2, R3 and R4

(config)#Ip local policy route-map TST

(config-route-map)#Route-map TST permit 10
(config-route-map)#Set ip next-hop 1.1.1.1

(config-route-map)#Route-map TST permit 20

To test the configuration:






On R2

R2#Debug ip policy

R2#Ping 3.3.3.3 source 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/117/120 ms

IP: s=2.2.2.2 (local), d=3.3.3.3, len 100, policy match
IP: route map TST, item 10, permit
IP: s=2.2.2.2 (local), d=3.3.3.3 (Virtual-Access2), len 100, policy routed

R2#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms

On R3

R3#Ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/57/60 ms

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms

R3#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
















Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R3#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms

On R4

R4#Ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/60 ms

R4#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

R4#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/116 ms

R4#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms






Task 2 




Erase the startup config and reload the routers before proceeding to the next lab







Lab 8 - Frame-relay Multilinking 




[Figure: lab topology diagram. Surviving labels: S0/0, S0/1.]




Task 1

Configure the frame-relay connections between R1 and R2 in a point-to-point manner
using the DLCIs and interfaces in the diagram. Configure R1 and R2 using 10.1.12.1 /24
and 10.1.12.2 /24 IP addresses respectively. Ensure that these links appear as one and
have authentication capability.

Note the task does NOT specifically ask for PPP Multilink to be configured, but
since the task asks for each router to have a single IP address and it states that the
links should appear as one with authentication capability, that should be enough to
indicate the PPP Multilink configuration.

Most of the time there is only a single connection between two routers, but there are
situations where you may need to have multiple layer one connections between the
two routers; one reason could be to increase the size of the pipe between the two
routers. The point of Multilink PPP is to take multiple PPP links and "bond" them
together to act as a single PPP link. These PPP links that are being bonded could be
an ISDN BRI circuit, T1 circuits, or other types of PPP circuits as long as they are
from the same provider.

On R1

The following command creates a logical multilink group; in the following
configuration the multilink group is assigned a value of 12, but the range is 1 - 2.14
Billion.

R1(config)#int Multilink 12

An IP address is assigned to this logical interface, as follows:






R1(config-if)#ip addr 10.1.12.1 255.255.255.0

To verify the configuration:

On R1

R1#Show run int multilink 12

Building configuration...

Current configuration : 89 bytes
!
interface Multilink12
 ip address 10.1.12.1 255.255.255.0
 ppp multilink
 ppp multilink group 12

The "PPP Multilink" command enables the interface to support MLP (Multilink
Point-to-point Protocol) and the "PPP multilink group 12" command identifies the
Multilink group that will later be assigned to two or more interfaces that will
restrict them to joining only the designated multilink-group.

The following command creates a virtual-template interface and assigns the
multilink group 12 to this logical interface.

R1(config)#inter virtual-template 12
R1(config-if)#ppp multilink group 12

Finally, the virtual-template 12 is assigned to the DLCIs:

R1(config-if)#int s0/0
R1(config-if)#encap frame

R1(config-if)#int s0/0.12 Multipoint
R1(config-subif)#frame-relay interface-dlci 102 ppp virtual-template 12
R1(config-subif)#frame-relay interface-dlci 112 ppp virtual-template 12

R1(config)#int s0/0
R1(config-if)#No Shut

To verify the configuration: 



On R1

R1#Show ppp multilink






No active bundles
Multilink12 (inactive)
  Member links: 2
    Vi3 (inactive)
    Vt12 (inactive)

Note the output of the above command shows that there are no active bundles; this
is because PPP Multilinking must be configured on both end points before it's
activated.

On R2

R2(config)#int multilink 21
R2(config-if)#ip addr 10.1.12.2 255.255.255.0

R2(config)#int virtual-template 21
R2(config-if)#ppp multilink group 21

R2(config)#int s0/0
R2(config-if)#encap frame-relay
R2(config-if)#frame-relay interface-dlci 201 ppp virtual-Template 21
R2(config-if)#no shut

R2(config-if)#int s0/1
R2(config-if)#encap frame-relay
R2(config-if)#frame-relay interface-dlci 211 ppp virtual-Template 21
R2(config-if)#no shut

Note on R2 the virtual-template is assigned to two different physical interfaces, and
frame-relay is configured directly under the physical interfaces. This is done
intentionally to show the different implementations of this configuration.

To verify the configuration:

On R1

Note the Multilink12 logical interface is now up; this is because both routers/end
points are configured with PPP multilink.

R1#Show ppp multilink

Multilink12, bundle name is R2
  Endpoint discriminator is R2






  Bundle up for 00:16:04, total bandwidth 200000, load 1/255
  Receive buffer limit 24000 bytes, frag timeout 1000 ms
    fragments/bytes in reassembly list
    lost fragments, reordered
    0/0 discarded fragments/bytes, lost received
    0x24 received sequence, 0x24 sent sequence
  Member links: 2 active, 1 inactive (max not set, min not set)
    Vi1, since 00:16:04
    Vi2, since 00:16:03
    Vt12 (inactive)
No inactive multilink interfaces

To verify the configuration:

On R2

R2#Show ppp multilink

Multilink21, bundle name is R1
  Endpoint discriminator is R1
  Bundle up for 00:18:19, total bandwidth 200000, load 1/255
  Receive buffer limit 24000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    lost fragments, reordered
    discarded fragments/bytes, lost received
    0x28 received sequence, 0x28 sent sequence
  Member links: 2 active, 1 inactive (max not set, min not set)
    Vi1, since 00:18:19
    Vi1, since 00:18:19
    Vt21 (inactive)
No inactive multilink interfaces

To test the configuration:

On R1

R1#Ping 10.1.12.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms

R1#Show ip route | b Gateway






Gateway of last resort is not set 

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks 
C       10.1.12.2/32 is directly connected, Multilink12

C       10.1.12.0/24 is directly connected, Multilink12

Note the host route is installed because of PPP implementation. 



Task 2 

Configure CHAP authentication between the two routers. Use "Cisco" as the password. 



On R1

R1(config)#username R2 password Cisco

R1(config)#int virtual-template 12
R1(config-if)#ppp authentication chap

On R2

R2(config)#username R1 password Cisco

R2(config)#int virtual-template 21
R2(config-if)#ppp authentication chap

Note the authentication is configured under the virtual-template interface.

To verify the configuration:

On R1

R2#Show ppp multilink

Multilink12, bundle name is R2
  Username is R2
  Endpoint discriminator is R2
  Bundle up for 00:00:28, total bandwidth 200000, load 1/255
  Receive buffer limit 24000 bytes, frag timeout 1000 ms
    0/0 fragments/bytes in reassembly list
    8 lost fragments, 1 reordered






    4/350 discarded fragments/bytes, 2 lost received
    0x12 received sequence, 0x2 sent sequence
  Member links: 2 active, 1 inactive (max not set, min not set)
    Vi1, since 00:00:29
    Vi2, since 00:00:18
    Vt12 (inactive)

Note the "Username is R2" line is added and it indicates that authentication is configured.

To test the configuration:

On R2

R2#Ping 10.1.12.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.12.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/55/56 ms
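What the two "username ... password Cisco" entries in Task 2 have to agree on can be seen by working through the CHAP exchange itself. This is an added example, not part of the workbook: the response formula is the one defined in RFC 1994, while the Router class, its method names and the sample routers are hypothetical and only model looking up the secret under the peer's hostname.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Router:
    """Hypothetical model of one PPP endpoint with a local username database."""

    def __init__(self, hostname, users):
        self.hostname = hostname
        self.users = users        # peer hostname -> shared secret
        self._next_id = 0
        self._pending = {}        # identifier -> outstanding challenge

    def send_challenge(self):
        """Authenticator side: issue a fresh random challenge."""
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[self._next_id] = challenge
        return self._next_id, challenge, self.hostname

    def answer(self, identifier, challenge, challenger_name):
        """Peer side: use the secret stored under the challenger's name."""
        secret = self.users.get(challenger_name)
        if secret is None:
            return None           # no username entry for that peer
        return self.hostname, chap_response(identifier, secret.encode(), challenge)

    def verify(self, identifier, peer_name, response):
        """Authenticator side: recompute and compare in constant time."""
        challenge = self._pending.pop(identifier, None)  # a challenge is single-use
        secret = self.users.get(peer_name)
        if challenge is None or secret is None or response is None:
            return False
        expected = chap_response(identifier, secret.encode(), challenge)
        return hmac.compare_digest(expected, response)


def authenticate(authenticator, peer):
    """Run one Challenge / Response / verify round; True means CHAP success."""
    ident, challenge, name = authenticator.send_challenge()
    reply = peer.answer(ident, challenge, name)
    if reply is None:
        return False
    peer_name, response = reply
    return authenticator.verify(ident, peer_name, response)


def replay_is_rejected(authenticator, peer):
    """A response recorded in one round must fail against a new challenge."""
    ident, challenge, name = authenticator.send_challenge()
    _, old_response = peer.answer(ident, challenge, name)
    if not authenticator.verify(ident, peer.hostname, old_response):
        return False              # the genuine round itself failed
    new_ident, _, _ = authenticator.send_challenge()
    return not authenticator.verify(new_ident, peer.hostname, old_response)


# Constructed sample data mirroring Task 2 ("Cisco" as the password on both sides).
R1 = Router("R1", {"R2": "Cisco"})
R2 = Router("R2", {"R1": "Cisco"})
R2_WRONG_CASE = Router("R2", {"R1": "cisco"})   # the secret is case-sensitive
R2_NO_ENTRY = Router("R2", {})                  # username line missing

if __name__ == "__main__":
    print("R1 authenticates R2:", authenticate(R1, R2))
    print("R2 authenticates R1:", authenticate(R2, R1))
    print("wrong-case secret:  ", authenticate(R1, R2_WRONG_CASE))
    print("missing username:   ", authenticate(R1, R2_NO_ENTRY))
    print("replay rejected:    ", replay_is_rejected(R1, R2))
```

The password never crosses the link, only the MD5 digest does, so a username that does not match the peer's hostname or a secret that differs in case shows up as a failed authentication and nothing more specific.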



Task 3 

Erase the startup configuration and reload the routers before proceeding to the next 
section. 






Lab 9 - Back-to-Back Frame-relay connection

Lab Setup:

> No Setup is necessary: this lab is configured on the serial interface of R1 that
is directly connected to R3 without the presence of a frame-relay switch.

IP addressing:

Router   Interface / IP address     DLCI assignment
R1       S0/1 = 200.1.1.1 /24       113
R3       S0/1 = 200.1.1.3 /24       113

Task 1

Configure Frame-relay between R1 and R3. You should use the IP address, interface and
the DLCIs provided in the IP Addressing table above.

In this scenario we do not have a frame-relay switch connecting the routers: these
routers are connected back to back using a DTE-to-DCE serial cable. The router
that is connected to the DCE side should provide the clocking using the "Clock
rate" interface configuration command; the DCE side can be
determined using the "Show controller S0/1" command as follows:






R1#Sh controllers S0/1

CD2430 Slot 1, Port 0, Controller 0, Channel 0, Revision 19
Channel mode is synchronous serial
idb 0x84E4BAB8, buffer size 1524, V.35 DCE cable

(The rest of the output is omitted)

In this case since the frame-relay switch does NOT exist, the LMIs should be
disabled using the "No Keepalive" interface configuration command, and the
frame-relay mapping should be done statically.

When configuring the Frame-relay mapping, the DLCIs should be identical on
both ends.

On R1

R1(config)#interface Serial0/1
R1(config-if)#ip address 200.1.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no keepalive
R1(config-if)#clock rate 64000
R1(config-if)#frame-relay map ip 200.1.1.3 113

On R3

R3(config)#interface Serial0/1
R3(config-if)#ip address 200.1.1.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no keepalive
R3(config-if)#frame-relay map ip 200.1.1.1 113

To verify & test the configuration:

On R1

R1#Ping 200.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms

R1#Show frame-relay lmi

R1#






Note there are no LMIs, because they are disabled. 

R1#Show frame-relay pvc

PVC Statistics for interface Serial0/1 (Frame Relay DTE)

Active Inactive Deleted Static 
Local (.1 

Switched 

Unused 

DLCI = 113, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0/1

  input pkts 5             output pkts 5            in bytes 520
  out bytes 520            dropped pkts             in pkts dropped
  out pkts dropped                  out bytes dropped
  in FECN pkts             in BECN pkts             out FECN pkts
  out BECN pkts            in DE pkts               out DE pkts
  out bcast pkts           out bcast bytes
  5 minute input rate bits/sec, packets/sec
  5 minute output rate bits/sec, packets/sec
  pvc create time 00:29:24, last time pvc status changed 00:29:24

R1#Show frame-relay map

Serial0/1 (up): ip 200.1.1.3 dlci 113(0x71,0x1C10), static,
              CISCO



Task 2 

Reconfigure the routers such that R1 uses DLCI 103 to send and DLCI 301 to receive
packets, whereas R3 should use DLCI 301 to send and DLCI 103 to receive packets.
You should configure interface S0/1 to accomplish this task.

In this configuration, we are asked to configure these routers using different DLCIs,
103 connecting R1 to R3 and 301 connecting R3 to R1.

On R1

R1(config)#interface Serial






R1(config-if)#ip address 200.1.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no keepalive
R1(config-if)#clock rate 64000

The following command removes the frame-relay mapping that was configured in the
previous task and adds the new mapping:

R1(config-if)#NO frame-relay map ip 200.1.1.3 113
R1(config-if)#frame-relay map ip 200.1.1.3 103

On R3

R3(config)#interface Serial0/1
R3(config-if)#ip address 200.1.1.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#no keepalive

R3(config-if)#NO frame-relay map ip 200.1.1.1 113
R3(config-if)#frame-relay map ip 200.1.1.1 301

To verify and test the configuration:

On Both Routers:

#Debug ip packet

#Debug Frame-relay packet

On R1

R1#Ping 200.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:

Success rate is 0 percent (0/5)

Note the ping is NOT successful and the following messages on R3 will reveal the
reason:

Serial0/1: FR invalid/unexpected pak received on DLCI 103
Serial0/1: FR invalid/unexpected pak received on DLCI 103
Serial0/1: FR invalid/unexpected pak received on DLCI 103
Serial0/1: FR invalid/unexpected pak received on DLCI 103






Serial0/1: FR invalid/unexpected pak received on DLCI 103

Note the above errors are received on R3 because the DLCIs don't match. R1 does not
know about DLCI 103. Remember that they are connected directly.
To fix this problem, R3 can be configured to receive data on DLCI 103 and send on
DLCI 301, as follows:

On R3

R3(config)#int S0/1
R3(config-if)#frame-relay interface-dlci 103

To verify and test the configuration:

On R3

R3#Debug frame relay packet

On R1

R1#Ping 200.1.1.3 repeat 4

On R3

Serial0/1(i): dlci 103(0x1871), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 301(0x48D1), pkt type 0x800(IP), datagramsize 104

Serial0/1(i): dlci 103(0x1871), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 301(0x48D1), pkt type 0x800(IP), datagramsize 104

Serial0/1(i): dlci 103(0x1871), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 301(0x48D1), pkt type 0x800(IP), datagramsize 104

Serial0/1(i): dlci 103(0x1871), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 301(0x48D1), pkt type 0x800(IP), datagramsize 104

Note the incoming traffic uses DLCI 103, whereas the outgoing traffic uses DLCI 301.

To test the configuration:

On R1

R1#Debug Frame-relay Packet






On R3

R3#Ping 200.1.1.1 repeat 4

On R1

Serial0/1: FR invalid/unexpected pak received on DLCI 301
Serial0/1: FR invalid/unexpected pak received on DLCI 301
Serial0/1: FR invalid/unexpected pak received on DLCI 301
Serial0/1: FR invalid/unexpected pak received on DLCI 301

Note the same problem: the traffic comes in on DLCI 301 and the local router is NOT
aware of this DLCI. To fix the problem:

R1(config)#int S0/1
R1(config-if)#frame-relay interface-dlci 301

To verify and test the configuration:

On R3

R3#Ping 200.1.1.1 repeat 4

On R1

Serial0/1(i): dlci 301(0x48D1), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 103(0x1871), pkt type 0x800(IP), datagramsize 104

Serial0/1(i): dlci 301(0x48D1), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 103(0x1871), pkt type 0x800(IP), datagramsize 104

Serial0/1(i): dlci 301(0x48D1), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 103(0x1871), pkt type 0x800(IP), datagramsize 104

Serial0/1(i): dlci 301(0x48D1), pkt type 0x800, datagramsize 104
Serial0/1(o): dlci 103(0x1871), pkt type 0x800(IP), datagramsize 104

R1#Show frame map

Serial0/1 (up): ip 200.1.1.3 dlci 103(0x67,0x1870), static,
              CISCO

On R3

R3#Show frame map

Serial0/1 (up): ip 200.1.1.1 dlci 301(0x12D,0x48D0), static,
              CISCO

To test connectivity:

On R1

R1#Ping 200.1.1.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/33 ms

On R3

R3#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms



Task 3 

Re-configure R1 as the frame-relay switch and a router connecting to R3, whereas R3
should be configured as a router connecting to R1 using its S0/1 interface. R1 should use
DLCI 103 for its connection to R3 and R3 should use DLCI 301 for its connection to R1.
You should NOT disable LMIs to accomplish this task.



On R1

R1(config)#frame switching
R1(config)#int S0/1
R1(config-if)#ip addr 200.1.1.1 255.255.255.0
R1(config-if)#encap frame-relay
R1(config-if)#clock rate 64000
R1(config-if)#frame map ip 200.1.1.3 103
R1(config-if)#frame interface-dlci 301
R1(config-if)#frame-relay intf-type dce

On R3

R3(config-if)#int S0/1
R3(config-if)#ip addr 200.1.1.3 255.255.255.0
R3(config-if)#encap frame-relay
R3(config-if)#frame map ip 200.1.1.1 301

To verify and test the configuration:

On R1

R1#Show frame lmi | B Num

  Num Status Enq. Rcvd 11              Num Status msgs Sent 11
  Num Update Status Sent               Num St Enq. Timeouts

On R3

R3#Show frame-relay lmi | B Num

  Num Status Enq. Sent IS              Num Status msgs Rcvd 19
  Num Update Status Rcvd               Num Status Timeouts
  Last Full Status Req 00:00:00        Last Full Status Rcvd 00:00:00

R3#Show frame-relay pvc 301

PVC Statistics for interface Serial0/1 (Frame Relay DTE)

DLCI = 301, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/1

  input pkts 3             output pkts 5            in bytes 102
  out bytes 520            dropped pkts             in pkts dropped
  out pkts dropped                  out bytes dropped
  in FECN pkts             in BECN pkts             out FECN pkts
  out BECN pkts            in DE pkts               out DE pkts
  out bcast pkts           out bcast bytes
  5 minute input rate  bits/sec,  packets/sec
  5 minute output rate  bits/sec,  packets/sec
  pvc create time 00:06:03, last time pvc status changed 00:02:42

R3#Show frame-relay map

Serial0/1 (up): ip 200.1.1.1 dlci 301(0x12D,0x48D0), static,
              CISCO, status defined, active

R3#Ping 200.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/33 ms



Task 4

Erase the startup configuration and reload the routers before proceeding to the next lab. 





On Demand 
Routing 






Lab 1 - On Demand Routing




[Topology diagram: hub R1 with S0/0.12 10.1.12.1/24, S0/0.13 10.1.13.1/24 and S0/0.14 10.1.14.1/24; spokes R2 (S0/0.21 10.1.12.2/24), R3 (S0/0.31 10.1.13.3/24) and R4 (10.1.14.4/24)]




Lab Setup: 



> Configure all frame-relay connections in a point-to-point manner, with R1 as the
  hub and R2 - R4 as the spoke routers.

> Use the IP addressing chart below for IP assignment.






IP addressing:

Router   Interface / IP address        DLCI assignment
R1       S0/0.12 = 10.1.12.1/24        102
         S0/0.13 = 10.1.13.1/24        103
         S0/0.14 = 10.1.14.1/24        104
         Loopback0 = 1.1.1.1/8
R2       S0/0.21 = 10.1.12.2/24        201
         Loopback0 = 2.2.2.2/8
R3       S0/0.31 = 10.1.13.3/24        301
         Loopback0 = 3.3.3.3/8
R4       S0/0.41 = 10.1.14.4/24        401
         Loopback0 = 4.4.4.4/8





Task 1

Configure ODR on the appropriate router and ensure full connectivity between the
routers.



On R1

R1(config)#Router odr
R1#Sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
o    2.0.0.0/8 [160/1] via 10.1.12.2, 00:00:20, Serial0/0.12
o    3.0.0.0/8 [160/1] via 10.1.13.3, 00:00:18, Serial0/0.13
o    4.0.0.0/8 [160/1] via 10.1.14.4, 00:00:35, Serial0/0.14
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.14.0 is directly connected, Serial0/0.14
C       10.1.13.0 is directly connected, Serial0/0.13
C       10.1.12.0 is directly connected, Serial0/0.12

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.12.1 to network 0.0.0.0

C    2.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.12.0 is directly connected, Serial0/0.21
o*   0.0.0.0/0 [160/1] via 10.1.12.1, 00:00:28, Serial0/0.21

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.13.1 to network 0.0.0.0

C    3.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.13.0 is directly connected, Serial0/0.31
o*   0.0.0.0/0 [160/1] via 10.1.13.1, 00:00:43, Serial0/0.31

R4#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.14.1 to network 0.0.0.0

C    4.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.14.0 is directly connected, Serial0/0.41
o*   0.0.0.0/0 [160/1] via 10.1.14.1, 00:00:45, Serial0/0.41

R4#Ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/60 ms

R4#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/112 ms

R4#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

ODR is a nice solution in a small hub and spoke scenario where the spokes are stub 
networks. ODR uses CDP as its transport. Ensure that the CDP versions match. 



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






RIPv2 






Lab 1 - RIPv2 and Frame-Relay 




[Topology diagram: R1 S0/0.123 10.1.1.1/24 connected over Frame Relay to R2 S0/0 10.1.1.2/24 and R3 S0/0 10.1.1.3/24]




Lab Setup: 



Configure R1 as the hub and routers R2 and R3 as the spokes.

Configure all routers in a Frame-relay Multipoint manner. DO NOT configure
sub-interfaces on R2 or R3. R1 should be configured with a sub-interface in a
multipoint manner. Use the broadcast keyword where necessary.

Use the IP addressing chart below for IP assignment.






IP addressing:

Router   Interface / IP address
R1       S0/0.123 = 10.1.1.1/24
         Loopback0 = 1.1.1.1/8
R2       S0/0 = 10.1.1.2/24
         Loopback0 = 2.2.2.2/8
R3       S0/0 = 10.1.1.3/24
         Loopback0 = 3.3.3.3/8



Task 1

Configure RIPv2 on all routers and advertise their directly connected interfaces in this
routing protocol. Ensure that these routers have full NLRI to all the loopback interfaces
advertised in this routing protocol.



On R1

R1(config-if)#router rip
R1(config-router)#ver 2
R1(config-router)#no au
R1(config-router)#netw 10.0.0.0
R1(config-router)#netw 1.0.0.0

On R2

R2(config-if)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#netw 10.0.0.0
R2(config-router)#netw 2.0.0.0

On R3

R3(config-if)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#netw 10.0.0.0
R3(config-router)#netw 3.0.0.0
To verify the configuration:

On R1

R1#Show ip route rip

R    2.0.0.0/8 [120/1] via 10.1.1.2, 00:00:07, Serial0/0.123
R    3.0.0.0/8 [120/1] via 10.1.1.3, 00:00:15, Serial0/0.123

On R2

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:07, Serial0/0

On R3

R3#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:23, Serial0/0

Note the spoke routers do not see each other's loopback interfaces; this is because of
IP split horizon. If the hub router is configured in a multipoint manner using a
sub-interface, then IP split horizon is ENABLED, whereas if the hub is configured
in a multipoint manner using the physical interface, then split horizon is
DISABLED. The following show commands reveal this information.

Note the following shows the sub-interface S0/0.123, which is configured in a
multipoint manner, and it also reveals that IP split horizon is enabled.

On R1

R1#Show ip interface S0/0.123 | Inc Split

Split horizon is enabled

The following command shows that the S0/0 interface of R2, which is configured in a
multipoint manner, has its IP split horizon disabled.

On R2

R2#Sh ip int S0/0 | Inc Split
Split horizon is disabled

To resolve this problem:

On R1

R1(config)#int S0/0.123
R1(config-subif)#NO ip split-horizon

To verify the configuration:

On R1

R1#Sh ip int S0/0.123 | Inc Split

Split horizon is disabled

On R2

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:12, Serial0/0
R    3.0.0.0/8 [120/2] via 10.1.1.3, 00:00:12, Serial0/0

On R3

R3#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:22, Serial0/0
R    2.0.0.0/8 [120/2] via 10.1.1.2, 00:00:22, Serial0/0



Task 2 

Ensure that every router can ping every loopback interface advertised in this routing
domain.



On R2

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 0 percent (0/5)

On R3

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Success rate is 0 percent (0/5)

Note even though the prefixes advertised are in every router's routing table, R2 and R3
do NOT have reachability to each other's loopback interface:

On R2

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:12, Serial0/0
R    3.0.0.0/8 [120/2] via 10.1.1.3, 00:00:12, Serial0/0

On R3

R3#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:22, Serial0/0
R    2.0.0.0/8 [120/2] via 10.1.1.2, 00:00:22, Serial0/0

Note the next hop IP address is set based on the originating router
and NOT the advertising router.

To fix this problem:

On R2

R2(config)#Int S0/0
R2(config-if)#Frame-relay map ip 10.1.1.3 201

On R3

R3(config)#Int S0/0
R3(config-if)#Frame-relay map ip 10.1.1.2 301
To test the configuration:

On R2

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/117 ms

On R3

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/125/168 ms
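
The two failures seen in Task 1 and Task 2 can be reproduced with a small model. This is an added example, not part of the workbook: it simulates RIPv2 updates on the lab's 10.1.1.0/24 cloud and treats a route as usable only when its next hop has an IP-to-DLCI mapping. The Router class, the l2_map set and the function names are illustrative assumptions.

```python
"""Toy RIPv2 exchange on the lab's 10.1.1.0/24 hub-and-spoke Frame Relay cloud."""
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    addr: str                    # address on the shared subnet
    loopback: str                # connected prefix this router originates
    pvc_peers: list              # names of routers at the far end of its PVCs
    split_horizon: bool = True   # setting of the one interface on the cloud
    l2_map: set = field(default_factory=set)   # next hops that resolve to a DLCI
    rib: dict = field(default_factory=dict)    # prefix -> (metric, next_hop)

    def build_update(self):
        """Routes sent out the Frame Relay interface: (prefix, metric, next_hop)."""
        update = [(self.loopback, 1, self.addr)]
        if not self.split_horizon:
            # Every learned route arrived on this same interface, so split
            # horizon is the only thing keeping it out of the update. The
            # next hop stays pointed at the originating router.
            update += [(p, m + 1, nh) for p, (m, nh) in self.rib.items()]
        return update

    def receive(self, update):
        for prefix, metric, next_hop in update:
            if prefix == self.loopback:
                continue                       # own connected network
            if prefix not in self.rib or metric < self.rib[prefix][0]:
                self.rib[prefix] = (metric, next_hop)

    def can_forward(self, prefix):
        """A route is usable only if its next hop resolves to a DLCI."""
        route = self.rib.get(prefix)
        return route is not None and route[1] in self.l2_map


def build_lab(hub_split_horizon, spoke_to_spoke_maps):
    """R1 is the hub; R2 and R3 each have a single PVC to R1."""
    r1 = Router("R1", "10.1.1.1", "1.0.0.0/8", ["R2", "R3"],
                split_horizon=hub_split_horizon,
                l2_map={"10.1.1.2", "10.1.1.3"})
    r2 = Router("R2", "10.1.1.2", "2.0.0.0/8", ["R1"],
                split_horizon=False, l2_map={"10.1.1.1"})
    r3 = Router("R3", "10.1.1.3", "3.0.0.0/8", ["R1"],
                split_horizon=False, l2_map={"10.1.1.1"})
    if spoke_to_spoke_maps:      # the two frame-relay map statements of Task 2
        r2.l2_map.add("10.1.1.3")
        r3.l2_map.add("10.1.1.2")
    return {r.name: r for r in (r1, r2, r3)}


def converge(routers, rounds=3):
    """Exchange periodic updates over the PVCs for a few rounds."""
    for _ in range(rounds):
        updates = {name: r.build_update() for name, r in routers.items()}
        for name, r in routers.items():
            for peer in r.pvc_peers:
                routers[peer].receive(updates[name])
    return routers


if __name__ == "__main__":
    for hub_sh, maps in ((True, False), (False, False), (False, True)):
        lab = converge(build_lab(hub_sh, maps))
        r2 = lab["R2"]
        print(f"hub split horizon={hub_sh}, spoke maps={maps}: "
              f"R2 routes={sorted(r2.rib)}, "
              f"R2 can reach 3.0.0.0/8={r2.can_forward('3.0.0.0/8')}")
```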






Task 3 

Remove the "no ip split-horizon" and the "Frame-relay map" statements from R2 and
R3 that were configured in the previous steps and ensure that R2 and R3 can ping each
other's loopback interface. DO NOT configure static routes or reconfigure Frame-relay to
accomplish this task. Ensure that the next hop IP address is NOT changed and it's still the
IP address of the router that is originating the prefix.

PPP's behavior is used to accomplish this task; when PPP is running on a link, the host
(Peer neighbor's routes) is added to the router's routing table.

On R1

R1(config)#int S0/0.123
R1(config-subif)#ip split-horizon
R1(config)#int S0/0.123
R1(config-subif)#NO ip address
R1(config-subif)#frame interface-dlci 102 ppp virtual-template 123
R1(config-fr-dlci)#frame interface-dlci 103 ppp virtual-template 123
R1(config-subif)#Inter virtual-template 123
R1(config-if)#ip address 10.1.1.1 255.255.255.0

On R2

R2(config)#int S0/0
R2(config-if)#NO ip address
R2(config-if)#frame interface-dlci 201 ppp virtual-Template 123
R2(config-if)#int virtual-template 123
R2(config-if)#ip addr 10.1.1.2 255.255.255.0

On R3

R3(config)#int S0/0
R3(config-if)#NO ip address
R3(config-if)#frame interface-dlci 301 ppp virtual-Template 123
R3(config-if)#int virtual-template 123
R3(config-if)#ip addr 10.1.1.3 255.255.255.0

To verify the configuration:

On R1

R1#Show ip route rip

R    2.0.0.0/8 [120/1] via 10.1.1.2, 00:00:08, Virtual-Access1
R    3.0.0.0/8 [120/1] via 10.1.1.3, 00:00:20, Virtual-Access2

On R2

Note the next hop IP address is NOT changed.

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:26, Virtual-Access1
R    3.0.0.0/8 [120/2] via 10.1.1.3, 00:00:26, Virtual-Access1
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.1.1.3/32 [120/1] via 10.1.1.1, 00:00:26, Virtual-Access1    <- The peer neighbor route added

On R3

R3#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:06, Virtual-Access1
R    2.0.0.0/8 [120/2] via 10.1.1.2, 00:00:06, Virtual-Access1
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R       10.1.1.2/32 [120/1] via 10.1.1.1, 00:00:06, Virtual-Access1

To test the configuration:

On R2

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 116/116/117 ms

On R3

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms



Task 4 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 2 - RIPv2 Authentication 



[Topology diagram: R1 (Lo0), R2 and R3 (Lo0); segments 10.1.1.0/24 and 10.2.2.0/24]




Lab Setup:

> Configure the F0/0 interface of R1 and R2 in VLAN 12.

> Configure the F0/1 interface of R2 and R3 in VLAN 23.

> Use the IP addressing chart below for IP assignment.

IP addressing:

Router   Interface / IP address
R1       F0/0 = 10.1.1.1/24
         Loopback0 = 1.1.1.1/8
R2       F0/0 = 10.1.1.2/24
         F0/1 = 10.2.2.2/24
         Loopback0 = 2.2.2.2/8
R3       F0/1 = 10.2.2.3/24
         Loopback0 = 3.3.3.3/8






Task 1

Configure RIPv2 on R1 and R2 and advertise their directly connected networks in this
routing protocol. You should disable auto summarization when configuring RIP.



On R1

R1(config-if)#router rip
R1(config-router)#ver 2
R1(config-router)#no au
R1(config-router)#netw 1.0.0.0
R1(config-router)#netw 10.0.0.0

On R2

R2(config-if)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#netw 10.0.0.0
R2(config-router)#netw 2.0.0.0



To verify the configuration:

On R1

R1#Show ip route rip

R    2.0.0.0/8 [120/1] via 10.1.1.2, 00:00:15, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:27, FastEthernet0/0

On R2

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:16, FastEthernet0/0








Task 2 

Configure clear text RIPv2 authentication between R1 and R2. Use "cisco" as the
password for this authentication.






On Both Routers

(config)#Key chain TST
(config-keychain)#key 1
(config-keychain-key)#key-string cisco
(config-keychain-key)#int f0/0
(config-if)#ip rip authentication key-chain TST

To verify the configuration:

On R1

R1#Show ip route rip

R    2.0.0.0/8 [120/1] via 10.1.1.2, 00:00:01, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:01, FastEthernet0/0

Note in RIPv2 there are two types of authentication: clear text and MD5. In RIPv2
clear text authentication the key numbers do not need to match, meaning that R1
can use one key number and R2 can use a totally different one.






Task 3 

Configure RIPv2 MD5 authentication between R2 and R3; these routers should use
"cisco23" as the password for this authentication.






On R3

R3(config-subif)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#netw 10.0.0.0
R3(config-router)#netw 3.0.0.0

On Routers R2 and R3

(config)#key chain TST23
(config-keychain)#key 1
(config-keychain-key)#key-string cisco23
(config)#int f0/1
(config-if)#ip rip authentication key-chain TST23
(config-if)#ip rip authentication mode md5

To verify the configuration:

On R2

R2#Sh ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:20, FastEthernet0/0
R    3.0.0.0/8 [120/1] via 10.2.2.3, 00:00:16, FastEthernet0/1

Note when configuring MD5 authentication, the passwords and the key numbers
MUST match on both routers, or else the routers will not exchange routing updates.






Task 4 

Configure R2 such that it receives all routes from R3, whereas R3 ignores v2 packets
from R2 (10.2.2.2). DO NOT use any filtering, offset-list, route-maps or passive-interface
to accomplish this task.








In this case the behavior of MD5 authentication is used to accomplish this task. In
RIPv2 MD5 authentication, if the key numbers do NOT match, the router with a
higher key number will receive all the routes and it will populate the received routes in
its routing table, whereas the router that has a lower key number will totally ignore
all routes received from the other router.

On R2

R2(config)#No key chain TST23
R2(config)#key chain TST23
R2(config-keychain)#key 2        <- The key number of R2 is 2, whereas the key number of R3 is 1.
R2(config-keychain-key)#key-string cisco23

On R3

R3#Show key chain TST23

Key-chain TST23:
    key 2 -- text "cisco23"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

To test the configuration:

On R3

R3#Show ip route rip
R3#

On R2

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.1.1.1, 00:00:18, FastEthernet0/0
R    3.0.0.0/8 [120/1] via 10.2.2.3, 00:00:27, FastEthernet0/1

Note R2 will receive and process the routes, whereas R3 will reject the routes because
the key numbers do not match and its key number is lower than R2's key number.
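
The notes on clear-text and MD5 authentication in Tasks 2 to 4 come down to what each mode puts in the packet. This added example (not from the workbook) decodes a RIPv2 message using the entry layouts of RFC 2453 and RFC 2082 and reports what an observer on the segment can read. The sample packets are constructed for illustration, and the digest bytes in the MD5 sample are dummy values, not a computed digest.

```python
import ipaddress
import struct

AUTH_AFI = 0xFFFF      # address family value that marks an authentication entry
AUTH_SIMPLE = 2        # RFC 2453: clear-text password
AUTH_KEYED_MD5 = 3     # RFC 2082: keyed MD5
AUTH_TRAILER = 1       # RFC 2082: trailing entry that carries the digest


def parse_rip(packet: bytes) -> dict:
    """Decode a RIPv2 message into its authentication fields and routes."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("RIP message must be a 4-byte header plus 20-byte entries")
    if packet[1] != 2:
        raise ValueError("not a RIPv2 message")
    info = {"auth": "none", "password": None, "key_id": None,
            "sequence": None, "digest": None, "routes": []}
    for offset in range(4, len(packet), 20):
        afi, tag = struct.unpack_from("!HH", packet, offset)
        body = packet[offset + 4:offset + 20]
        if afi != AUTH_AFI:
            # Ordinary route entry: address, mask, next hop, metric.
            addr, mask, _next_hop, metric = struct.unpack("!4s4s4sI", body)
            net = ipaddress.ip_network(
                f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}",
                strict=False)
            info["routes"].append((str(net), metric))
        elif offset == 4 and tag == AUTH_SIMPLE:
            # The 16 bytes are the password itself, NUL padded. No key number.
            info["auth"] = "clear-text"
            info["password"] = body.rstrip(b"\x00").decode("ascii", "replace")
        elif offset == 4 and tag == AUTH_KEYED_MD5:
            # Packet length, key ID, digest length, sequence number, 8 reserved bytes.
            _length, key_id, _digest_len, sequence = struct.unpack_from("!HBBI", body)
            info.update(auth="keyed-md5", key_id=key_id, sequence=sequence)
        elif tag == AUTH_TRAILER and info["auth"] == "keyed-md5":
            info["digest"] = body.hex()
        else:
            raise ValueError(f"unexpected authentication entry at offset {offset}")
    return info


def audit(packet: bytes) -> str:
    """One-line finding for a captured RIPv2 message."""
    info = parse_rip(packet)
    if info["auth"] == "clear-text":
        return (f"clear-text: password {info['password']!r} readable on the wire, "
                "no key number in the packet")
    if info["auth"] == "keyed-md5":
        return (f"keyed-md5: key ID {info['key_id']}, sequence {info['sequence']}, "
                "password not in the packet")
    return "no authentication entry"


def route_entry(prefix: str, metric: int) -> bytes:
    """Build one 20-byte IPv4 route entry (helper for the constructed samples)."""
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HH4s4s4sI", 2, 0, net.network_address.packed,
                       net.netmask.packed, bytes(4), metric)


HEADER = bytes([2, 2, 0, 0])   # command 2 (response), version 2

# Constructed sample: Task 2 style update, key-string "cisco" in clear text.
SAMPLE_CLEAR = (HEADER
                + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, b"cisco")
                + route_entry("2.0.0.0/8", 1))

# Constructed sample: MD5 update sent with key 2; the digest is a dummy value.
SAMPLE_MD5 = (HEADER
              + struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_KEYED_MD5, 44, 2, 16, 7)
              + route_entry("2.0.0.0/8", 1)
              + struct.pack("!HH16s", AUTH_AFI, AUTH_TRAILER, bytes(range(16))))

if __name__ == "__main__":
    print(audit(SAMPLE_CLEAR))
    print(audit(SAMPLE_MD5))
```

The key number configured in the key chain travels in the packet only in MD5 mode, as the Key ID byte; a clear-text packet carries nothing but the password.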



Task 5 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 3 - Advanced RIPv2 Mock Lab 



Logical Topology 



[Logical topology diagram: routers R1 - R6 and backbone routers BB1 - BB3]









IP Addressing chart:

Router   Interface   Connecting to:   IP Address
R1       S0/0.12     R2               10.1.12.1/24
         S0/0.13     R3               10.1.13.1/24
         S0/0.14     R4               10.1.14.1/24
         S0/1        R3               10.1.100.1/24
         F0/0        BB1              100.1.111.1/24
R2       S0/0.21     R1               10.1.12.2/24
         F0/0        BB1              10.1.112.2/24
         F0/1        R4               10.1.24.2/24
R3       S0/0.31     R1               10.1.13.3/24
         S0/1        R1               10.1.100.3/24
         F0/0                         10.1.3.3/24
R4       S0/0.41     R1               10.1.14.4/24
         S0/0.45     R5               10.1.45.4/24
         S0/0.46     R6               10.1.46.4/24
         F0/0        R2               10.1.24.4/24
R5       S0/0.54     R4               10.1.45.5/24
         F0/0        R6               10.1.56.5/24
R6       S0/0.64     R4               10.1.46.6/24
         F0/0        R5               10.1.56.6/24
BB1      F0/0        R1               10.1.111.111/24
         Lo1                          101.0.0.111/8
         Lo2                          102.0.0.111/9
         Lo3                          103.0.0.111/10
         Lo4                          104.0.0.111/11
         Lo5                          105.0.0.111/14
         Lo6                          106.1.1.33/27
         Lo7                          107.1.1.111/25
         Lo8                          108.1.1.65/26
         Lo9                          109.1.4.111/22
         Lo10                         110.1.1.17/28
BB2      F0/0        R2               10.1.112.112/24
         Lo0                          112.1.1.1/24
         Lo1                          112.2.2.2/24
BB3      E0                           10.1.113.3/24







Lab Setup:

VLANs:

BB1 and R1's F0/0 interface should be configured in VLAN 111.

BB2 and R2's F0/0 should be configured in VLAN 112.

R2's F0/1 and R4's F0/0 interface should be configured in VLAN 24.

BB3's E0/0 should be configured in VLAN 113.

R3's F0/0 interface should be configured in VLAN 3.

R5 and R6 should have their F0/0 interface in VLAN 56.

Frame-relay:

• R4 should be configured with two sub-interfaces in a point-to-point manner, one
  connecting R4 to R5 and the second one connecting R4 to R6.

• R5 and R6 should each be configured with a single point-to-point sub-interface
  connecting to R4.

• The frame-relay connection between R1, R2, R3 and R4 should be configured in a
  hub and spoke manner as follows:

    R1 should be configured with three point-to-point sub-interfaces
    connecting it to routers R2, R3 and R4.

    Routers R2, R3 and R4 should each be configured with a point-to-point
    frame-relay connection to R1.

Trunk connection between the switches:

SW-1 and SW-2 should be connected to each other via ports F0/19 and F0/20 forming an
ISL trunk.






Task 1 

Configure RIPv2 on the routers and advertise their directly connected interfaces in this
routing domain.



On All Routers

(config)#Router rip
(config-router)#No au
(config-router)#Ver 2
(config-router)#Network 10.0.0.0

On R1

R1(config)#Router rip
R1(config-router)#Network 100.0.0.0

On R6

R6#Show ip route rip

     100.0.0.0/24 is subnetted, 1 subnets
R       100.1.111.0 [120/2] via 10.1.46.4, 00:00:02, Serial0/0.64
     10.0.0.0/24 is subnetted, 9 subnets
R       10.1.14.0 [120/1] via 10.1.46.4, 00:00:02, Serial0/0.64
R       10.1.13.0 [120/2] via 10.1.46.4, 00:00:02, Serial0/0.64
R       10.1.12.0 [120/2] via 10.1.46.4, 00:00:02, Serial0/0.64
R       10.1.3.0 [120/3] via 10.1.46.4, 00:00:02, Serial0/0.64
R       10.1.24.0 [120/1] via 10.1.46.4, 00:00:02, Serial0/0.64
R       10.1.45.0 [120/1] via 10.1.56.5, 00:00:01, FastEthernet0/0
                  [120/1] via 10.1.46.4, 00:00:02, Serial0/0.64
R       10.1.112.0 [120/2] via 10.1.46.4, 00:00:02, Serial0/0.64



Task 2 

Set the RIPv2 timers on all routers to be twice as much as the default value for update,
invalidation timer, hold down, and flush timer.






To find out the default parameters:

On R1

R1#Show ip proto | Inc Send|Invalid

  Sending updates every 30 seconds, next due in 23 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240

On All Routers

(config)#Router rip
(config-router)#Timers Basic ?
  <0-4294967295>  Interval between updates
R1(config-router)#timers basic 60 ?
  <1-4294967295>  Invalid
R1(config-router)#timers basic 60 360 ?
  <0-4294967295>  Holddown
R1(config-router)#timers basic 60 360 360 ?
  <1-4294967295>  Flush
R1(config-router)#timers basic 60 360 360 480

On All Routers

(config-router)#Timers basic 60 360 360 480



Task 3 

In order to avoid collisions, R6 should delay its regular periodic updates by up to 100
milliseconds.

On R6

R6(config-router)#Timers basic 60 360 360 480 100     <- This is the sleep timer








Task 4 

R5 and R6 should suppress a flash update if the regular update is due in 10 seconds or 
less. 








On R5 and R6

(config)#router rip
(config-router)#flash-update-threshold 10

The flash-update-threshold command suppresses flash updates when the arrival of
a regularly scheduled periodic update matches, or is less than, the number of seconds
that is configured, in this case 10 seconds. The range is 0 - 30 seconds.
The above configuration configures both routers to suppress a flash update if the
regular periodic update is due in 10 seconds or less.

To verify the configuration:

Rx#Show ip protocols

Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 60 seconds, next due in 35 seconds
  Flash update is suppressed when next update due within 10 seconds
  Invalid after 360 seconds, hold down 360, flushed after 480
(The rest of the output is omitted)






Task 5 

The links R4 <--> R5 and R4 <--> R6 should use authentication when exchanging
routing updates. The password for this authentication should be set to "cisco"; these
routers should use the strongest authentication method available in RIPv2.








On R4, R5 and R6

(config)#key chain TST
(config-keychain)#key 1
(config-keychain-key)#key-string cisco

On R4

R4(config)#int S0/0.45
R4(config-if)#ip rip authentication key-chain TST
R4(config-if)#ip rip authentication mode md5

R4(config)#int S0/0.46
R4(config-if)#ip rip authentication key-chain TST
R4(config-if)#ip rip authentication mode md5

On R5

R5(config)#int S0/0.54
R5(config-if)#ip rip authentication key-chain TST
R5(config-if)#ip rip authentication mode md5

On R6

R6(config)#int S0/0.64
R6(config-if)#ip rip authentication key-chain TST
R6(config-if)#ip rip authentication mode md5

To verify the configuration:

On R4

R4#Show ip protocols | Inc Interface|TST

    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial0/0.45          2     2                    TST
    Serial0/0.46          2     2                    TST



Task 6 

R1 is configured with RIPv2 and it's advertising its directly connected networks. Ensure
that R1 receives 10 routes from BB1. DO NOT configure tunnel, secondary IP
addressing for this task. Ensure that R1 has reachability to all the networks advertised by
BB1; you are allowed one static route to accomplish this task.






On R1

R1(config)#router rip

R1(config-router)#no validate-update-source

RIP and IGRP are the ONLY two routing protocols that validate the source IP
address of incoming updates.

Before RIP and/or IGRP routing protocols accept routes from a given neighbor, they
want to make sure that the source IP address of the advertising router is from the
same IP address space as the link that the two routers are connected to. If the routers
that have to exchange routing information are from different IP address spaces, then
the source validation should be negated using "no validate-update-source".

To verify the configuration:
On R1

R1#Show ip route rip | Inc 10.1.111.111

R    102.0.0.0 [120/1] via 10.1.111.111, 00:00:12
R    103.0.0.0 [120/1] via 10.1.111.111, 00:00:12
R    101.0.0.0/8 [120/1] via 10.1.111.111, 00:00:12
R    110.1.1.16 [120/1] via 10.1.111.111, 00:00:12
R    108.1.1.64 [120/1] via 10.1.111.111, 00:00:12
R    109.1.4.0 [120/1] via 10.1.111.111, 00:00:12
R    106.1.1.32 [120/1] via 10.1.111.111, 00:00:12
R    107.1.1.0 [120/1] via 10.1.111.111, 00:00:12
R    104.0.0.0 [120/1] via 10.1.111.111, 00:00:12
R    105.0.0.0 [120/1] via 10.1.111.111, 00:00:12

Note, even though the networks are in the routing table of R1, they are NOT
reachable, because R1 does NOT have NLRI (Network Layer Reachability
Information) to the next hop IP address (10.1.111.111) that is advertised. In order to
provide reachability, the following static route is configured.

On R1

R1(config)#IP route 10.1.111.111 255.255.255.255 F0/0

To test and verify the configuration:
On R1














R1#Ping 101.0.0.111

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 101.0.0.111, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
R1#Ping 110.1.1.17

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 110.1.1.17, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms






Task 7

Configure R1 such that only the existing and future prefixes with prefix-length of /10 to
/26 are allowed in R1's routing table. R1 should receive these routes from BB1 and BB1
ONLY. Do not use neighbor command to accomplish this task.








On R1

The following prefix-list identifies the existing and the future routes that have a
prefix-length of /10 through /26:

R1(config)#IP prefix-list NET seq 5 permit 0.0.0.0/0 ge 10 le 26

The following prefix-list identifies the BB1 router:

R1(config)#IP prefix-list BB1 seq 5 permit 10.1.111.111/32

R1(config)#Router rip

R1(config-router)#Distribute-list prefix NET gateway BB1 in F0/0

To test and verify the configuration:

On R1

R1#Show ip route | inc 10.1.111.111









R    103.0.0.0 [120/1] via 10.1.111.111, 00:00:25
S    10.1.111.111/32 is directly connected, FastEthernet0/0
R    108.1.1.64 [120/1] via 10.1.111.111, 00:00:25
R    109.1.4.0 [120/1] via 10.1.111.111, 00:00:25
R    107.1.1.0 [120/1] via 10.1.111.111, 00:00:25
R    104.0.0.0 [120/1] via 10.1.111.111, 00:00:25
R    105.0.0.0 [120/1] via 10.1.111.111, 00:00:25
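
The checks that Tasks 6 and 7 leave in place on R1, modelled in Python as an added example (it is not IOS code and not part of the workbook): source validation, the gateway prefix-list and the ge/le route filter, applied in that order. R1's F0/0 address, the masks of 102.0.0.0, 106.1.1.32 and 110.1.1.16, the second sender 10.1.111.222 and all function names are assumptions made for the illustration.

```python
"""Added illustration: how R1 treats an incoming RIP update in Tasks 6 and 7."""
from ipaddress import ip_address, ip_interface, ip_network


def source_is_valid(update_src, rx_interface, validate=True):
    """RIP's default check: the sender must be on the receiving link's subnet.

    'no validate-update-source' corresponds to validate=False.
    """
    if not validate:
        return True
    return ip_address(update_src) in ip_interface(rx_interface).network


def prefix_list_permits(entries, prefix):
    """Evaluate an IOS-style prefix-list: first match wins, implicit deny at the end.

    Each entry is (action, base, ge, le). With neither ge nor le the length
    must equal the base length; ge alone means ge..32; le alone means base..le.
    """
    net = ip_network(prefix)
    for action, base, ge, le in entries:
        base_net = ip_network(base)
        if ge is None and le is None:
            lo = hi = base_net.prefixlen
        else:
            lo = ge if ge is not None else base_net.prefixlen
            hi = le if le is not None else 32
        if net.subnet_of(base_net) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False


def accept_update(update_src, routes, rx_interface, validate, route_pl, gateway_pl):
    """Return the routes R1 would install from one update, or [] if it is dropped."""
    if not source_is_valid(update_src, rx_interface, validate):
        return []                       # dropped before any filtering
    if not prefix_list_permits(gateway_pl, f"{update_src}/32"):
        return []                       # 'gateway BB1': sender is not the permitted host
    return [r for r in routes if prefix_list_permits(route_pl, r)]


# ip prefix-list NET seq 5 permit 0.0.0.0/0 ge 10 le 26
NET = [("permit", "0.0.0.0/0", 10, 26)]
# ip prefix-list BB1 seq 5 permit 10.1.111.111/32
BB1 = [("permit", "10.1.111.111/32", None, None)]

# Assumed: R1's F0/0 address (the page only shows 100.1.111.0/24 reachable via R1).
R1_F0_0 = "100.1.111.1/24"

# Masks of 101 and 103-105, 107-109 are taken from the outputs on the page;
# the masks of 102.0.0.0, 106.1.1.32 and 110.1.1.16 are assumed.
BB1_ROUTES = [
    "101.0.0.0/8", "102.0.0.0/9", "103.0.0.0/10", "104.0.0.0/11",
    "105.0.0.0/14", "106.1.1.32/27", "107.1.1.0/25", "108.1.1.64/26",
    "109.1.4.0/22", "110.1.1.16/28",
]

if __name__ == "__main__":
    for validate in (True, False):
        kept = accept_update("10.1.111.111", BB1_ROUTES, R1_F0_0, validate, NET, BB1)
        print(f"validate-update-source={validate}: {len(kept)} routes {kept}")
    # Constructed second sender on the same segment: rejected by the gateway list.
    other = accept_update("10.1.111.222", BB1_ROUTES, R1_F0_0, False, NET, BB1)
    print(f"update from 10.1.111.222: {other}")
```

With validation disabled, the gateway prefix-list is the only remaining control on which sender may feed R1 routes on F0/0.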



Task 8

Configure Eigrp 100 on R2, and advertise its link to BB2, if this configuration is done
properly, R2 should receive two routes from BB2.

On R2

R2(config)#Router eigrp 100

R2(config-router)#No au

R2(config-router)#Network 10.1.112.2 0.0.0.0

To test and verify the configuration:

On R2

R2#Show ip route eigrp

     112.0.0.0/24 is subnetted, 2 subnets
D       112.2.2.0 [90/156160] via 10.1.112.112, 00:04:52, FastEthernet0/0
D       112.1.1.0 [90/156160] via 10.1.112.112, 00:04:52, FastEthernet0/0



Task 9 

R2 should be configured to inject a default route into RIPv2's routing domain as long as
any one of the two networks is in its routing table.



On R2 
















R2(config)#Access-list 1 permit 112.1.1.0 0.0.0.255














R2(config)#Access-list 1 permit 112.2.2.0 0.0.0.255

R2(config)#Route-map TST permit 10
R2(config-route-map)#Match ip addr 1

R2(config)#Router rip

R2(config-router)#Default-information originate route-map TST

To verify the configuration:

On R6

R6#Show ip route rip | inc 0.0.0.0

R*   0.0.0.0/0 [120/2] via 10.1.46.4, 00:00:50, Serial0/0.64






Task 10

R1 should be configured such that R4 does not advertise the allowed networks from BB1
to its downstream neighbors.






On R1

R1(config)#Access-list 1 permit 103.0.0.0 0.63.255.255

R1(config)#Access-list 1 permit 104.0.0.0 0.31.255.255
R1(config)#Access-list 1 permit 105.0.0.0 0.3.255.255
R1(config)#Access-list 1 permit 107.1.1.0 0.0.0.127
R1(config)#Access-list 1 permit 108.1.1.64 0.0.0.63
R1(config)#Access-list 1 permit 109.1.4.0 0.0.3.255

R1(config)#Router rip

R1(config-router)#Offset-list 1 out 12 Serial0/0.12
R1(config-router)#Offset-list 1 out 13 Serial0/0.14

R2#Show ip route | B Gateway

Gateway of last resort is not set

     103.0.0.0/10 is subnetted, 1 subnets
R       103.0.0.0 [120/14] via 10.1.12.1, 00:00:44, Serial0/0.21
     100.0.0.0/24 is subnetted, 1 subnets







R       100.1.111.0 [120/1] via 10.1.12.1, 00:00:44, Serial0/0.21
     112.0.0.0/24 is subnetted, 2 subnets
D       112.2.2.0 [90/156160] via 10.1.112.112, 00:21:23, FastEthernet0/0
D       112.1.1.0 [90/156160] via 10.1.112.112, 00:21:23, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
R       10.1.14.0/24 [120/1] via 10.1.24.4, 00:00:02, FastEthernet0/1
                     [120/1] via 10.1.12.1, 00:00:44, Serial0/0.21
R       10.1.13.0/24 [120/1] via 10.1.12.1, 00:00:44, Serial0/0.21
C       10.1.12.0/24 is directly connected, Serial0/0.21
R       10.1.3.0/24 [120/2] via 10.1.12.1, 00:00:44, Serial0/0.21
R       10.1.111.111/32 [120/1] via 10.1.12.1, 00:00:44, Serial0/0.21
C       10.1.24.0/24 is directly connected, FastEthernet0/1
R       10.1.46.0/24 [120/1] via 10.1.24.4, 00:00:02, FastEthernet0/1
R       10.1.45.0/24 [120/1] via 10.1.24.4, 00:00:03, FastEthernet0/1
R       10.1.56.0/24 [120/2] via 10.1.24.4, 00:00:03, FastEthernet0/1
C       10.1.112.0/24 is directly connected, FastEthernet0/0
     108.0.0.0/26 is subnetted, 1 subnets
R       108.1.1.64 [120/14] via 10.1.12.1, 00:00:46, Serial0/0.21
     109.0.0.0/22 is subnetted, 1 subnets
R       109.1.4.0 [120/14] via 10.1.12.1, 00:00:47, Serial0/0.21
     107.0.0.0/25 is subnetted, 1 subnets
R       107.1.1.0 [120/14] via 10.1.12.1, 00:00:47, Serial0/0.21
     104.0.0.0/11 is subnetted, 1 subnets
R       104.0.0.0 [120/14] via 10.1.12.1, 00:00:47, Serial0/0.21
     105.0.0.0/14 is subnetted, 1 subnets
R       105.0.0.0 [120/14] via 10.1.12.1, 00:00:47, Serial0/0.21

Note R2 has a cost of 14 hops, these networks are advertised to R4 with a hop count
of 15, which means that R4 can not advertise these networks to any other router.

On R4

R4#Show ip route | Inc 15

R       103.0.0.0 [120/15] via 10.1.24.2, 00:00:06, FastEthernet0/0
                  [120/15] via 10.1.14.1, 00:00:32, Serial0/0.41
R       108.1.1.64 [120/15] via 10.1.24.2, 00:00:06, FastEthernet0/0
                   [120/15] via 10.1.14.1, 00:00:32, Serial0/0.41
R       109.1.4.0 [120/15] via 10.1.24.2, 00:00:06, FastEthernet0/0
                  [120/15] via 10.1.14.1, 00:00:32, Serial0/0.41
R       107.1.1.0 [120/15] via 10.1.24.2, 00:00:06, FastEthernet0/0
                  [120/15] via 10.1.14.1, 00:00:32, Serial0/0.41
R       104.0.0.0 [120/15] via 10.1.24.2, 00:00:06, FastEthernet0/0
                  [120/15] via 10.1.14.1, 00:00:32, Serial0/0.41














R       105.0.0.0 [120/15] via 10.1.24.2, 00:00:06, FastEthernet0/0
                  [120/15] via 10.1.14.1, 00:00:32, Serial0/0.41






Task 11

R1 and R3 should be configured such that periodic RIPv2 updates are suppressed over
the frame-relay connection between them. These routers should only send updates
through the frame-relay connection if there is a topology change.






On R1

R1(config)#Int S0/0.13
R1(config-if)#Ip rip triggered

On R3

R3(config)#Int S0/0.31
R3(config-if)#Ip rip triggered

Note this command works on all point-to-point and some multipoint links.






Task 12 

Configure R2 and R4 such that they exchange updates using Unicast.






On R2 

R2(config)#Router rip

R2(config-router)#Passive-interface F0/1

R2(config-router)#Neighbor 10.1.24.4

On R4

R4(config)#Router rip

R4(config-router)#Passive-interface F0/0

R4(config-router)#Neighbor 10.1.24.2















Note if the "passive-interface" command is not used, the routers will send both
Unicast and Multicast updates to each other.






Task 13

Configure R5 and R6 such that they exchange version 2 updates using Broadcast. 






On R5 and R6 
(config)#int F0/0

(config-if)#Ip rip v2-broadcast

To test and verify the configuration:

On R6

R6#Debug ip rip

RIP: sending v2 flash update to 255.255.255.255 via FastEthernet0/0 (10.1.56.6)






Task 14 

Configure the following Loopback interfaces on R3 and advertise a single summary route
into the RIP routing domain:

Loopback 1 = 150.1.0.3 /24
Loopback 2 = 150.1.1.3 /24
Loopback 3 = 150.1.2.3 /24
Loopback 4 = 150.1.3.3 /24






On R3 

R3(config)#Int lo1

R3(config-if)#Ip address 150.1.0.3 255.255.255.0

R3(config)#Int lo2

R3(config-if)#Ip address 150.1.1.3 255.255.255.0







R3(config)#Int lo3

R3(config-if)#Ip address 150.1.2.3 255.255.255.0

R3(config)#Int lo4

R3(config-if)#Ip address 150.1.3.3 255.255.255.0

R3(config)#Router rip

R3(config-router)#Network 150.1.0.0

R3(config)#Int S0/0.31

R3(config-if)#Ip summary-address rip 150.1.0.0 255.255.252.0

R3(config)#Int S0/1

R3(config-if)#Ip summary-address rip 150.1.0.0 255.255.252.0

To test and verify the configuration:

On R1

R1#Show ip route rip

     103.0.0.0/10 is subnetted, 1 subnets
R       103.0.0.0 [120/1] via 10.1.111.111, 00:00:05
     10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
R       10.1.3.0/24 [120/1] via 10.1.100.3, 00:00:39, Serial0/1
                    [120/1] via 10.1.13.3, 00:00:56, Serial0/0.13
R       10.1.24.0/24 [120/1] via 10.1.14.4, 00:00:33, Serial0/0.14
                     [120/1] via 10.1.12.2, 00:00:49, Serial0/0.12
R       10.1.46.0/24 [120/1] via 10.1.14.4, 00:00:33, Serial0/0.14
R       10.1.45.0/24 [120/1] via 10.1.14.4, 00:00:33, Serial0/0.14
R       10.1.56.0/24 [120/2] via 10.1.14.4, 00:00:33, Serial0/0.14
R       10.1.112.0/24 [120/1] via 10.1.12.2, 00:00:49, Serial0/0.12
     108.0.0.0/26 is subnetted, 1 subnets
R       108.1.1.64 [120/1] via 10.1.111.111, 00:00:05
     109.0.0.0/22 is subnetted, 1 subnets
R       109.1.4.0 [120/1] via 10.1.111.111, 00:00:05
     107.0.0.0/25 is subnetted, 1 subnets
R       107.1.1.0 [120/1] via 10.1.111.111, 00:00:05
     104.0.0.0/11 is subnetted, 1 subnets
R       104.0.0.0 [120/1] via 10.1.111.111, 00:00:06
     150.1.0.0/22 is subnetted, 1 subnets
R       150.1.0.0 [120/1] via 10.1.100.3, 00:00:40, Serial0/1
                  [120/1] via 10.1.13.3, 00:00:57, Serial0/0.13
     105.0.0.0/14 is subnetted, 1 subnets














R       105.0.0.0 [120/1] via 10.1.111.111, 00:00:08

R*   0.0.0.0/0 [120/1] via 10.1.12.2, 00:00:51, Serial0/0.12






Task 15 

R1 is a high speed router sending updates to R3 which is a low speed router. Because of
this fact, R3 is not able to receive and process updates at the rate that R1 operates.
Configure R1 such that when it has multiple RIP packets to send to R3, it waits 10
milliseconds between the packets. To further remedy these situations, configure R3 to
increase its unprocessed RIP input queue depth to 75 packets.






On R1

R1(config)#Router rip

R1(config-router)#output-delay 10

The above configuration will help keep R3 from losing routing information, because this
command introduces a delay of 10 milliseconds between packets in a multiple packet
RIP update. By default there is no inter-packet delay and the range for this timer is
(8 - 50 milliseconds).

On R3

R3(config)#Router rip
R3(config-router)#input-queue 75

This command will also help to prevent routing information from being lost. The
value specifies the depth of the input queue; the larger the value, the larger the
depth of the queue. The range is (0 - 1024) and the default value is 50.






Task 16 

Configure R6 with the following 10 Loopback interfaces. R6 should be configured to
advertise these Loopback interfaces in RIP routing domain.

Configure R6 such that R4 receives the EVEN routes from R6 and the ODD routes from
R5. Whereas, R5 should receive the ODD routes from R6 and the EVEN numbered
routes from R4. You should use an access-list with minimum number of lines to
accomplish this task.




Loopback 0 = 160.1.0.6 /24, Loopback 1 = 160.1.1.6 /24, Loopback 2 = 160.1.2.6 /24
Loopback 3 = 160.1.3.6 /24, Loopback 4 = 160.1.4.6 /24, Loopback 5 = 160.1.5.6 /24
Loopback 6 = 160.1.6.6 /24, Loopback 7 = 160.1.7.6 /24, Loopback 8 = 160.1.8.6 /24
Loopback 9 = 160.1.9.6 /24.



On R6 

R6(config)#Int lo0
R6(config-if)#Ip address 160.1.0.6 255.255.255.0

R6(config)#Int lo1
R6(config-if)#Ip address 160.1.1.6 255.255.255.0

R6(config)#Int lo2
R6(config-if)#Ip address 160.1.2.6 255.255.255.0

R6(config)#Int lo3
R6(config-if)#Ip address 160.1.3.6 255.255.255.0

R6(config)#Int lo4
R6(config-if)#Ip address 160.1.4.6 255.255.255.0

R6(config)#Int lo5
R6(config-if)#Ip address 160.1.5.6 255.255.255.0

R6(config)#Int lo6
R6(config-if)#Ip address 160.1.6.6 255.255.255.0

R6(config)#Int lo7
R6(config-if)#Ip address 160.1.7.6 255.255.255.0

R6(config)#Int lo8
R6(config-if)#Ip address 160.1.8.6 255.255.255.0

R6(config)#Int lo9
R6(config-if)#Ip address 160.1.9.6 255.255.255.0

On R6

R6(config)#Access-list 1 permit 160.1.1.0 0.0.254.255
R6(config)#Access-list 2 permit 160.1.0.0 0.0.254.255

R6(config)#Router rip






R6(config-router)#Offset-list 2 out 15 FastEthernet0/0
R6(config-router)#Offset-list 1 out 15 Serial0/0.64
R6(config-router)#Network 160.1.0.0

To verify and test the configuration:

On R4

R4#Sh ip route rip | Inc 10.1.46.6

R       160.1.0.0 [120/1] via 10.1.46.6, 00:00:29, Serial0/0.46
R       160.1.2.0 [120/1] via 10.1.46.6, 00:00:29, Serial0/0.46
R       160.1.4.0 [120/1] via 10.1.46.6, 00:00:29, Serial0/0.46
R       160.1.6.0 [120/1] via 10.1.46.6, 00:00:29, Serial0/0.46
R       160.1.8.0 [120/1] via 10.1.46.6, 00:00:29, Serial0/0.46
R       10.1.56.0/24 [120/1] via 10.1.46.6, 00:00:29, Serial0/0.46

R4#Sh ip route rip | Inc 10.1.45.5

R       160.1.1.0 [120/2] via 10.1.45.5, 00:00:51, Serial0/0.45
R       160.1.3.0 [120/2] via 10.1.45.5, 00:00:51, Serial0/0.45
R       160.1.5.0 [120/2] via 10.1.45.5, 00:00:51, Serial0/0.45
R       160.1.7.0 [120/2] via 10.1.45.5, 00:00:51, Serial0/0.45
R       160.1.9.0 [120/2] via 10.1.45.5, 00:00:51, Serial0/0.45
                     [120/1] via 10.1.45.5, 00:00:51, Serial0/0.45

Note R4 is receiving even subnets of 160.1.0.0 network from R6, whereas, the odd
subnets of the same network are received from R5.

On R5

R5#Show ip route rip | Inc 160.1.

     160.1.0.0/24 is subnetted, 10 subnets
R       160.1.1.0 [120/1] via 10.1.56.6, 00:00:26, FastEthernet0/0
R       160.1.0.0 [120/2] via 10.1.45.4, 00:00:26, Serial0/0.54
R       160.1.3.0 [120/1] via 10.1.56.6, 00:00:26, FastEthernet0/0
R       160.1.2.0 [120/2] via 10.1.45.4, 00:00:26, Serial0/0.54
R       160.1.5.0 [120/1] via 10.1.56.6, 00:00:26, FastEthernet0/0
R       160.1.4.0 [120/2] via 10.1.45.4, 00:00:26, Serial0/0.54
R       160.1.7.0 [120/1] via 10.1.56.6, 00:00:26, FastEthernet0/0
R       160.1.6.0 [120/2] via 10.1.45.4, 00:00:26, Serial0/0.54
R       160.1.9.0 [120/1] via 10.1.56.6, 00:00:26, FastEthernet0/0
R       160.1.8.0 [120/2] via 10.1.45.4, 00:00:26, Serial0/0.54








Note the even subnets of 160.1.0.0 are received from R4, whereas, the odd subnets of
160.1.0.0 are received from R6.
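
Why the wildcard mask 0.0.254.255 splits the loopbacks into even and odd, and how an offset of 15 (Task 16) or 12/13 (Task 10) turns into the hop counts shown in the outputs, modelled in Python as an added example (not IOS code and not part of the workbook). The function names are illustrative, and the rule "table metric + 1 on send" is an assumption that matches the hop counts printed above.

```python
"""Added illustration: standard-ACL wildcard matching feeding a RIP offset-list."""
from ipaddress import IPv4Address

RIP_INFINITY = 16  # a route with metric 16 is unreachable and is never installed


def acl_matches(address, base, wildcard):
    """Standard ACL entry: wildcard bits set to 1 are ignored, bits set to 0 must match."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(address)) & care) == (int(IPv4Address(base)) & care)


def advertised_metric(table_metric, network, offset_lists, out_interface):
    """Metric written into an outgoing update on out_interface.

    offset_lists holds (acl, offset, interface) tuples, where acl is a list of
    (base, wildcard) pairs, mirroring 'offset-list <acl> out <offset> <interface>'.
    """
    metric = table_metric + 1                      # one hop added when sending
    for acl, offset, interface in offset_lists:
        if interface == out_interface and any(
            acl_matches(network, base, wc) for base, wc in acl
        ):
            metric += offset
            break
    return min(metric, RIP_INFINITY)


def reachable_via(networks, table_metric, offset_lists, out_interface):
    """Networks the neighbor on out_interface can still install (metric below 16)."""
    return [
        n for n in networks
        if advertised_metric(table_metric, n, offset_lists, out_interface) < RIP_INFINITY
    ]


# Task 16 on R6: care bits of 0.0.254.255 are 255.255.1.0, so only the first two
# octets and the lowest bit of the third octet (odd or even) are compared.
ODD_ACL = [("160.1.1.0", "0.0.254.255")]    # access-list 1
EVEN_ACL = [("160.1.0.0", "0.0.254.255")]   # access-list 2
R6_OFFSETS = [
    (EVEN_ACL, 15, "FastEthernet0/0"),       # offset-list 2 out 15 FastEthernet0/0
    (ODD_ACL, 15, "Serial0/0.64"),           # offset-list 1 out 15 Serial0/0.64
]
R6_LOOPBACKS = [f"160.1.{n}.0" for n in range(10)]   # connected, table metric 0

# Task 10 on R1: the six BB1 networks that passed the Task 7 filter.
R1_ACL = [
    ("103.0.0.0", "0.63.255.255"), ("104.0.0.0", "0.31.255.255"),
    ("105.0.0.0", "0.3.255.255"), ("107.1.1.0", "0.0.0.127"),
    ("108.1.1.64", "0.0.0.63"), ("109.1.4.0", "0.0.3.255"),
]
R1_OFFSETS = [(R1_ACL, 12, "Serial0/0.12"), (R1_ACL, 13, "Serial0/0.14")]

if __name__ == "__main__":
    print("R5 learns from R6:", reachable_via(R6_LOOPBACKS, 0, R6_OFFSETS, "FastEthernet0/0"))
    print("R4 learns from R6:", reachable_via(R6_LOOPBACKS, 0, R6_OFFSETS, "Serial0/0.64"))
    print("R1 -> R2:", advertised_metric(1, "103.0.0.0", R1_OFFSETS, "Serial0/0.12"))
    print("R1 -> R4:", advertised_metric(1, "103.0.0.0", R1_OFFSETS, "Serial0/0.14"))
    print("R4 -> downstream:", advertised_metric(15, "103.0.0.0", [], "Serial0/0.45"))
```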



Task 17 

Configure RIPv2 on BB3; this router is connected to CAT-1's port F0/13. Configure a
solution such that R3 advertises all the RIPv2 routes to BB3. Do not change the VLAN
assignment of any of the routers, or use a global configuration, and/or router
configuration mode command to accomplish this task.
BB3 may not have reachability to any of the IP addresses within this topology.



On BB3 

BB3(config)#Router rip

BB3(config-router)#No validate-update-source

On SW1

SW1(config)#Monitor session 1 source interface F0/3 both
SW1(config)#Monitor session 1 destination interface F0/13

To verify the configuration:

On BB3

BB3#Sh ip route rip

     103.0.0.0/10 is subnetted, 1 subnets
R       103.0.0.0 [120/3] via 10.1.3.3, 00:00:06
     100.0.0.0/24 is subnetted, 1 subnets
R       100.1.111.0 [120/2] via 10.1.3.3, 00:00:06
     160.1.0.0/24 is subnetted, 10 subnets
R       160.1.1.0 [120/5] via 10.1.3.3, 00:00:06
R       160.1.0.0 [120/4] via 10.1.3.3, 00:00:06
R       160.1.3.0 [120/5] via 10.1.3.3, 00:00:06
R       160.1.2.0 [120/4] via 10.1.3.3, 00:00:06
R       160.1.5.0 [120/5] via 10.1.3.3, 00:00:06
R       160.1.4.0 [120/4] via 10.1.3.3, 00:00:06
R       160.1.7.0 [120/5] via 10.1.3.3, 00:00:06
















R       160.1.6.0 [120/4] via 10.1.3.3, 00:00:06
R       160.1.9.0 [120/5] via 10.1.3.3, 00:00:06
R       160.1.8.0 [120/4] via 10.1.3.3, 00:00:06
     10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
R       10.1.14.0/24 [120/2] via 10.1.3.3, 00:00:06
R       10.1.13.0/24 [120/1] via 10.1.3.3, 00:00:06
R       10.1.12.0/24 [120/2] via 10.1.3.3, 00:00:07
R       10.1.111.111/32 [120/2] via 10.1.3.3, 00:00:06
R       10.1.24.0/24 [120/3] via 10.1.3.3, 00:00:08
R       10.1.46.0/24 [120/3] via 10.1.3.3, 00:00:08
R       10.1.45.0/24 [120/3] via 10.1.3.3, 00:00:08
R       10.1.56.0/24 [120/4] via 10.1.3.3, 00:00:09
R       10.1.100.0/24 [120/1] via 10.1.3.3, 00:00:09
R       10.1.112.0/24 [120/3] via 10.1.3.3, 00:00:09
     108.0.0.0/26 is subnetted, 1 subnets
R       108.1.1.64 [120/3] via 10.1.3.3, 00:00:09
     109.0.0.0/22 is subnetted, 1 subnets
R       109.1.4.0 [120/3] via 10.1.3.3, 00:00:09
     107.0.0.0/25 is subnetted, 1 subnets
R       107.1.1.0 [120/3] via 10.1.3.3, 00:00:09
     104.0.0.0/11 is subnetted, 1 subnets
R       104.0.0.0 [120/3] via 10.1.3.3, 00:00:09
     150.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
R       150.1.3.0/24 [120/1] via 10.1.3.3, 00:00:09
R       150.1.2.0/24 [120/1] via 10.1.3.3, 00:00:09
R       150.1.1.0/24 [120/1] via 10.1.3.3, 00:00:09
R       150.1.0.0/24 [120/1] via 10.1.3.3, 00:00:09
R       150.1.0.0/22 [120/3] via 10.1.3.3, 00:00:09
     105.0.0.0/14 is subnetted, 1 subnets
R       105.0.0.0 [120/3] via 10.1.3.3, 00:00:09
R*   0.0.0.0/0 [120/3] via 10.1.3.3, 00:00:09






Task 18

Erase the startup configuration and reload the routers before proceeding to the next
protocol.







EIGRP 






Lab Setup: 



VLANs: 

> F0/0 interface of BB1 and R1 should be configured in VLAN 11
> F0/0 interface of R3 should be configured in VLAN 3
> F0/0 interface of BB2 and R2 should be in VLAN 22
> F0/0 interface of R5 and R6 should be configured in VLAN 56
> F0/1 interface of R2 should be configured in VLAN 2
> F0/0 interface of R4 should be configured in VLAN 4

Frame-relay:

> R4 should be configured with two sub-interfaces in a point-to-point manner, one
connecting R4 to R5 and the second one connecting R4 to R6.
> R5 and R6 should each be configured with a single point-to-point sub-interface
connection to R4.
> R1 should be configured with three point-to-point sub-interfaces connecting it to
routers R2, R3 and R4.
> Routers R2, R3 and R4 should be configured with a point-to-point frame-relay
connection to R1.
> Configure the bandwidth of R4's point-to-point frame-relay connection to R5 to
be 512 Kbps.

Trunking:

The trunking should be established between SW-1 and SW-2 using ports F0/19 and
F0/20.






IP Addressing chart: 




Router   Interface   Connecting to:   IP Address

R1       S0/0.12     R2               10.1.12.1 /24
         S0/0.13     R3               10.1.13.1 /24
         S0/0.14     R4               10.1.14.1 /24
         S0/1        R3               10.1.100.1 /24
         F0/0        BB1              10.1.111.1 /24
         Lo0         -                150.1.1.1 /24
         Lo1         -                1.1.0.1 /24
         Lo2         -                1.1.1.1 /24
         Lo3         -                1.1.2.1 /24
         Lo4         -                1.1.3.1 /24

R2       S0/0.21     R1               10.1.12.2 /24
         F0/0        BB2              10.1.112.2 /24
         F0/1        -                10.1.2.2 /24
         Lo0         -                150.1.2.2 /24

R3       S0/0.31     R1               10.1.13.3 /24
         S0/1        R1               10.1.100.3 /24
         F0/0        -                10.1.3.3 /24
         Lo0         -                150.1.3.3 /24

R4       S0/0.41     R1               10.1.14.4 /24
         S0/0.45     R5               10.1.45.4 /24
         S0/0.46     R6               10.1.46.4 /24
         F0/0        -                10.1.4.4 /24
         Lo0         -                150.1.4.4 /24

R5       S0/0.54     R4               10.1.45.5 /24
         F0/0        R6               10.1.56.5 /24
         Lo0         -                150.1.5.5 /24

R6       S0/0.56     R4               10.1.46.6 /24
         F0/0        R5               10.1.56.6 /24
         Lo0         -                150.1.6.6 /24

BB1      F0/0        R1               10.1.111.111 /24
         Lo0         -                150.1.111.111 /24

BB2      F0/0        R2               10.1.112.112 /24
         Lo0         -                150.1.112.112 /24







Logical Topology 







Task 1 

Configure the routers as follows: 



> R1 and BB1 should be configured in AS 100; BB1 should advertise its directly
connected networks in this AS, whereas, R1 should ONLY advertise its
connection to BB1 and its Lo0 interface in this AS.

> R2 and BB2 should be configured in AS 200; BB2 should advertise its directly
connected networks in this AS, whereas, R2 should ONLY advertise its
connection to BB2 in this AS.

> R1, R2, R3 and R4 should be configured in AS 300; R1 should advertise its P2P
connection to R3, all of its frame-relay connections and Loopback 1 - 4 in this
AS. R2 should advertise its F0/1, Lo0 and its frame-relay connection in this AS.
R3 should advertise all of its interfaces in this AS. R4 should advertise its
frame-relay connection to R1, F0/0 and its Lo0 interface in this AS.

> R4, R5 and R6 should be configured in AS 400; R4 should advertise its frame-relay
connections to R5 and R6 in this AS. R5 and R6 should advertise all their
directly connected networks in this AS.

To configure the first item in this task:

On BB1

BB1(config)#router eigrp 100

BB1(config-router)#no au

BB1(config-router)#network 0.0.0.0

Note the "Network 0.0.0.0" advertises the existing and future directly connected
networks in the AS.

On R1

R1(config)#router eigrp 100
R1(config-router)#no au
R1(config-router)#network 10.1.111.1 0.0.0.0
R1(config-router)#network 150.1.1.1 0.0.0.0

To verify the configuration:

On BB1






BB1#Show ip route eigrp

     150.1.0.0/24 is subnetted, 2 subnets
D       150.1.1.0 [90/156160] via 10.1.111.1, 00:02:06, FastEthernet0/0

On R1

R1#Show ip route eigrp

     150.1.0.0/24 is subnetted, 2 subnets
D       150.1.111.0 [90/156160] via 10.1.111.111, 00:02:15, FastEthernet0/0

To configure the second item in this task:

On BB2

BB2(config)#router eigrp 200
BB2(config-router)#no au
BB2(config-router)#network 0.0.0.0

On R2

R2(config)#router eigrp 200
R2(config-router)#no au
R2(config-router)#network 10.1.112.0 0.0.0.255

Note the above network command is another way to advertise routes in Eigrp.
To verify the configuration:

On BB2

BB2#Show ip eigrp neighbors

IP-EIGRP neighbors for process 200

H   Address         Interface   Hold Uptime   SRTT   RTO   Q    Seq
                                (sec)         (ms)         Cnt  Num
    10.1.112.2      Fa0/0       1100300:30 4 200 2

BB2#Show ip eigrp topology

IP-EIGRP Topology Table for AS(200)/ID(150.1.112.112)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,






r - reply Status, s - sia Status 

P 150.1.112.0/24, 1 successors, FD is 128256
        via Connected, Loopback0

P 10.1.112.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0

On R2

R2#Show ip route eigrp

     150.1.0.0/24 is subnetted, 2 subnets
D       150.1.112.0 [90/156160] via 10.1.112.112, 00:03:47, FastEthernet0/0

R2#Show ip eigrp topology

IP-EIGRP Topology Table for AS(200)/ID(150.1.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 150.1.112.0/24, 1 successors, FD is 156160
        via 10.1.112.112 (156160/128256), FastEthernet0/0
P 10.1.112.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0

R2#Show ip eigrp topology 150.1.112.0/24

IP-EIGRP (AS 200): Topology entry for 150.1.112.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 156160
  Routing Descriptor Blocks:
  10.1.112.112 (FastEthernet0/0), from 10.1.112.112, Send flag is 0x0
      Composite metric is (156160/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 5100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1

To configure the third item in this task:






On R1

R1(config)#router eigrp 300
R1(config-router)#no au
R1(config-router)#network 10.1.100.1 0.0.0.0
R1(config-router)#network 10.1.12.1 0.0.0.0
R1(config-router)#network 10.1.13.1 0.0.0.0
R1(config-router)#network 10.1.14.1 0.0.0.0
R1(config-router)#network 1.1.0.1 0.0.0.0
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#network 1.1.2.1 0.0.0.0
R1(config-router)#network 1.1.3.1 0.0.0.0

On R2

R2(config)#router eigrp 300
R2(config-router)#no au
R2(config-router)#network 10.1.2.2 0.0.0.0
R2(config-router)#network 150.1.2.2 0.0.0.0
R2(config-router)#network 10.1.12.2 0.0.0.0

On R3

R3(config)#router eigrp 300
R3(config-router)#no au
R3(config-router)#network 0.0.0.0

On R4

R4(config)#router eigrp 300
R4(config-router)#no au
R4(config-router)#network 10.1.14.4 0.0.0.0
R4(config-router)#network 150.1.4.4 0.0.0.0
R4(config-router)#network 10.1.4.4 0.0.0.0

To verify the configuration:

On R1

R1#Sh ip route eigrp 300

     10.0.0.0/24 is subnetted, 8 subnets
D       10.1.3.0 [90/2172416] via 10.1.100.3, 00:02:02, Serial0/1






                 [90/2172416] via 10.1.13.3, 00:02:02, Serial0/0.13
D       10.1.2.0 [90/2172416] via 10.1.12.2, 00:06:29, Serial0/0.12
D       10.1.4.0 [90/2172416] via 10.1.14.4, 00:04:33, Serial0/0.14
     150.1.0.0/24 is subnetted, 5 subnets
D       150.1.4.0 [90/2297856] via 10.1.14.4, 00:04:23, Serial0/0.14
D       150.1.3.0 [90/2297856] via 10.1.100.3, 00:02:02, Serial0/1
                  [90/2297856] via 10.1.13.3, 00:02:02, Serial0/0.13
D       150.1.2.0 [90/2297856] via 10.1.12.2, 00:06:29, Serial0/0.12

On R2

R2#Show ip route eigrp 300

     1.0.0.0/24 is subnetted, 4 subnets
D       1.1.0.0 [90/2297856] via 10.1.12.1, 00:07:21, Serial0/0.21
D       1.1.1.0 [90/2297856] via 10.1.12.1, 00:07:21, Serial0/0.21
D       1.1.2.0 [90/2297856] via 10.1.12.1, 00:07:21, Serial0/0.21
D       1.1.3.0 [90/2297856] via 10.1.12.1, 00:07:21, Serial0/0.21
     10.0.0.0/24 is subnetted, 8 subnets
D       10.1.14.0 [90/2681856] via 10.1.12.1, 00:07:21, Serial0/0.21
D       10.1.13.0 [90/2681856] via 10.1.12.1, 00:07:21, Serial0/0.21
D       10.1.3.0 [90/2684416] via 10.1.12.1, 00:06:03, Serial0/0.21
D       10.1.4.0 [90/2684416] via 10.1.12.1, 00:05:26, Serial0/0.21
D       10.1.100.0 [90/2681856] via 10.1.12.1, 00:07:21, Serial0/0.21
     150.1.0.0/24 is subnetted, 4 subnets
D       150.1.4.0 [90/2809856] via 10.1.12.1, 00:05:16, Serial0/0.21
D       150.1.3.0 [90/2809856] via 10.1.12.1, 00:06:03, Serial0/0.21

On R3

R3#Sh ip route eigrp 300

     1.0.0.0/24 is subnetted, 4 subnets
D       1.1.0.0 [90/2297856] via 10.1.100.1, 00:04:53, Serial0/1
                [90/2297856] via 10.1.13.1, 00:04:53, Serial0/0.31
D       1.1.1.0 [90/2297856] via 10.1.100.1, 00:04:53, Serial0/1
                [90/2297856] via 10.1.13.1, 00:04:53, Serial0/0.31
D       1.1.2.0 [90/2297856] via 10.1.100.1, 00:04:53, Serial0/1
                [90/2297856] via 10.1.13.1, 00:04:53, Serial0/0.31
D       1.1.3.0 [90/2297856] via 10.1.100.1, 00:04:53, Serial0/1
                [90/2297856] via 10.1.13.1, 00:04:53, Serial0/0.31
     10.0.0.0/24 is subnetted, 7 subnets
D       10.1.14.0 [90/2681856] via 10.1.100.1, 00:04:53, Serial0/1
                  [90/2681856] via 10.1.13.1, 00:04:53, Serial0/0.31



CCIE R&<> by Nar bik Kuchariuns Advanced CCIE R&S Work Book 2.0 Page 399ofl068 

C 3(109 >iarbik Kucha riani. All rijjhu reserved 



D 10. 1.12.0 [90 '268 1856] via 10.1.100.1, 00:04:53, Scrial0/1 

[90.268 1 856^ via 1 0. 1 . 1 3.1 , 00:04:53, ScrialO'0.3 1 
D 10. 1.2.0 [90 2684416] via 10.1.100. L, 00:04:53, Scriaiai 

[90/26844 1 6] via 1 0. 1.13.1, 00:04:53, ScrialO/0.3 1 
D 1 0. 1 .4.0 [90/26844 1 6] via 10.1 . 100. 1, 00:04:54, ScrialO I 
[90/26844 1 6 J via 1 0. 1 . 1 3.1 , 00:04:54, ScrialO/0.3 1 
150.1.0.0/24 is subncttcd, 3 subnets 
D 150.1.4.0 [90/2809856] via 10.1.100.1, 00: 04: 54, ScriaK)/'l 

[90/2809856] via 1 0. 1.13.1, 00:04:54, Scriaia'0.3 1 
D 150.1.2.0 [90 2809856] via 10.1 . 100.1, 00:04:54, ScrialO/1 
[90 280 9856 J via 1 0. 1 . 1 3. 1 , 00:04:54, ScrialO/0.3 1 

On R4 

R4#Show ip route eigrp 300

1.0.0.0/24 is subnetted, 4 subnets
D 1.1.0.0 [90/2297856] via 10.1.14.1, 00:09:11, Serial0/0.41
D 1.1.1.0 [90/2297856] via 10.1.14.1, 00:09:11, Serial0/0.41
D 1.1.2.0 [90/2297856] via 10.1.14.1, 00:09:11, Serial0/0.41
D 1.1.3.0 [90/2297856] via 10.1.14.1, 00:09:11, Serial0/0.41

10.0.0.0/24 is subnetted, 9 subnets
D 10.1.13.0 [90/2681856] via 10.1.14.1, 00:09:11, Serial0/0.41
D 10.1.12.0 [90/2681856] via 10.1.14.1, 00:09:11, Serial0/0.41
D 10.1.3.0 [90/2684416] via 10.1.14.1, 00:09:11, Serial0/0.41
D 10.1.2.0 [90/2684416] via 10.1.14.1, 00:09:11, Serial0/0.41
D 10.1.100.0 [90/2681856] via 10.1.14.1, 00:09:11, Serial0/0.41

150.1.0.0/24 is subnetted, 3 subnets
D 150.1.3.0 [90/2809856] via 10.1.14.1, 00:09:11, Serial0/0.41
D 150.1.2.0 [90/2809856] via 10.1.14.1, 00:09:11, Serial0/0.41

To configure the fourth item in this task:

On R4

R4(config)#router eigrp 400
R4(config-router)#no au
R4(config-router)#network 10.1.45.4 0.0.0.0
R4(config-router)#network 10.1.46.4 0.0.0.0

On R5

R5(config)#router eigrp 400
R5(config-router)#no au
R5(config-router)#network 0.0.0.0

On R6

R6(config)#router eigrp 400
R6(config-router)#no au
R6(config-router)#network 0.0.0.0



To verify the configuration:

On R4

R4#Show ip route eigrp 400

10.0.0.0/24 is subnetted, 10 subnets
D 10.1.56.0 [90/2172416] via 10.1.46.6, 00:00:32, Serial0/0.46

150.1.0.0/24 is subnetted, 5 subnets
D 150.1.6.0 [90/2297856] via 10.1.46.6, 00:00:32, Serial0/0.46
D 150.1.5.0 [90/2300416] via 10.1.46.6, 00:00:32, Serial0/0.46

On R5

R5#Show ip route eigrp

10.0.0.0/24 is subnetted, 3 subnets
D 10.1.46.0 [90/2172416] via 10.1.56.6, 00:01:03, FastEthernet0/0

150.1.0.0/24 is subnetted, 2 subnets
D 150.1.6.0 [90/156160] via 10.1.56.6, 00:01:00, FastEthernet0/0

On R6

R6#Show ip route eigrp

10.0.0.0/24 is subnetted, 3 subnets
D 10.1.45.0 [90/2172416] via 10.1.56.5, 00:01:22, FastEthernet0/0

150.1.0.0/24 is subnetted, 2 subnets
D 150.1.5.0 [90/156160] via 10.1.56.5, 00:01:22, FastEthernet0/0



Task 2 

Configure the hello and dead interval of all the routers in AS 300 to 20 and 80
respectively.



On R1

R1(config)#int S0/0.12
R1(config-subif)#ip hello-interval eigrp 300 20
R1(config-subif)#ip hold-time eigrp 300 80

R1(config-subif)#int S0/0.13
R1(config-subif)#ip hello-interval eigrp 300 20
R1(config-subif)#ip hold-time eigrp 300 80

R1(config-subif)#int S0/0.14
R1(config-subif)#ip hello-interval eigrp 300 20
R1(config-subif)#ip hold-time eigrp 300 80

R1(config-subif)#int S0/1
R1(config-if)#ip hello-interval eigrp 300 20
R1(config-if)#ip hold-time eigrp 300 80

On R2

R2(config)#int S0/0.21
R2(config-subif)#ip hello-interval eigrp 300 20
R2(config-subif)#ip hold-time eigrp 300 80

On R3

R3(config)#int S0/0.31
R3(config-subif)#ip hello-interval eigrp 300 20
R3(config-subif)#ip hold-time eigrp 300 80

R3(config-subif)#int S0/1
R3(config-if)#ip hello-interval eigrp 300 20
R3(config-if)#ip hold-time eigrp 300 80

On R4

R4(config)#int S0/0.41
R4(config-subif)#ip hello-interval eigrp 300 20
R4(config-subif)#ip hold-time eigrp 300 80



Task 3 

Ensure that the routers in AS 100 ONLY use bandwidth to calculate their composite
metric.

Note the composite metric for network 150.1.111.0/24 is calculated as follows:

10,000,000 Kbit divided by the slowest bandwidth along the path to a given
destination (in this case network 150.1.111.0/24), plus the sum of all interface delays
along the path to that destination divided by 10, and then the result of the previous
calculation should be multiplied by 256:

BB1#Show int lo0 | Inc MTU

MTU 1514 bytes, BW 8000000 Kbit/sec, DLY 5000 usec,

BB1#Sh int F0/0

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec

10,000,000 / 100,000 = 100

5000 + 100 = 5100 / 10 = 510

(100 + 510) * 256 = 156160 This is the composite metric that should be seen in the
routing table

On Rl 



R1#sh ip route 150.1.111.0 | Inc metric

Known via "eigrp 100", distance 90, metric 156160, type internal
Route metric is 156160, traffic share count is 1

To change the K values based on the requirement:

On Both routers:

(config)#router eigrp 100
(config-router)#metric weights 0 1 0 0 0 0

Note once the K value of a router is changed, the neighbor adjacency goes down,
because if the K values are different between two routers, the routers will not form
a neighbor adjacency. The following parameters must be the same
on two routers before they become adjacent:

> The K values

> AS numbers

> They must share the same layer two data link and be from the same IP
address space.

> If authentication must be enabled, it must be enabled on both routers and the
password for the authentication must match.

To verify the configuration:

On R1

R1#Show ip protocols

Routing Protocol is "eigrp 100"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=0, K4=0, K5=0
(The rest of the output is omitted)

R1#Show ip eigrp 100 neighbors

IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
                    (sec)       (ms)     Cnt Num
10.1.111.111 Fa0/0 11 00:10:34 5 300 8

R1#Sh ip route eigrp 100

150.1.0.0/24 is subnetted, 5 subnets
D 150.1.111.0 [90/25600] via 10.1.111.111, 00:12:22, FastEthernet0/0

Note once the routers are configured, the composite value is changed based on 
bandwidth multiplied by 256 as follows: 

100 * 256 = 25600 






Task 4 

Ensure that the routers in AS 200 ONLY use the delay parameter to calculate their
composite metric.

On Both routers:

(config)#router eigrp 200
(config-router)#metric weights 0 0 0 1 0 0

Note in this case only the delay value is considered; therefore, the sum of all the
interface delays divided by 10 should be multiplied by 256 as follows:

(5000 + 100) / 10 = 510 This is the sum of all interface delay values divided by 10.

510 * 256 = 130560 This should be the new composite value.

To test the configuration:

On R2

R2#Show ip route eigrp 200

150.1.0.0/24 is subnetted, 4 subnets
D 150.1.112.0 [90/130560] via 10.1.112.112, 00:01:00, FastEthernet0/0
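The calculations in Tasks 3 and 4, as an added example (not code from the workbook): the classic EIGRP composite metric with configurable K values, plus a check of the adjacency requirements listed in Task 3. The function and class names are hypothetical, and the /24 masks in the usage comment are assumed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# IOS defaults: K1=1 and K3=1, the rest 0 (order here is K1..K5; the
# "metric weights" command takes a leading TOS value before K1).
DEFAULT_K = (1, 0, 1, 0, 0)


def eigrp_metric(min_bw_kbit, delays_usec, k=DEFAULT_K, load=1, reliability=255):
    """Classic (32-bit) EIGRP composite metric.

    min_bw_kbit -- slowest bandwidth along the path, in Kbit/s
    delays_usec -- interface delays along the path, in microseconds
    k           -- (K1, K2, K3, K4, K5)
    """
    k1, k2, k3, k4, k5 = k
    bw = 10_000_000 // min_bw_kbit        # scaled inverse bandwidth
    dly = sum(delays_usec) // 10          # delay in tens of microseconds
    metric = k1 * bw + (k2 * bw) // (256 - load) + k3 * dly
    if k5 != 0:                           # reliability term only applies when K5 != 0
        metric = metric * k5 // (reliability + k4)
    return metric * 256


@dataclass
class Neighbor:
    as_number: int
    k_values: Tuple[int, int, int, int, int]
    address: str                          # interface address with prefix length
    auth_key: Optional[str] = None        # None means authentication is not configured


def adjacency_blockers(a, b):
    """Return the reasons two routers on a link will not become EIGRP neighbors."""
    problems = []
    if a.k_values != b.k_values:
        problems.append("K values differ")
    if a.as_number != b.as_number:
        problems.append("AS numbers differ")
    net_a = ipaddress.ip_interface(a.address).network
    net_b = ipaddress.ip_interface(b.address).network
    if net_a != net_b:
        problems.append("not in the same IP subnet")
    if a.auth_key != b.auth_key:
        problems.append("authentication mismatch")
    return problems


if __name__ == "__main__":
    path = dict(min_bw_kbit=100000, delays_usec=[5000, 100])   # values from Task 3
    print("default K values :", eigrp_metric(**path))
    print("bandwidth only   :", eigrp_metric(**path, k=(1, 0, 0, 0, 0)))
    print("delay only       :", eigrp_metric(**path, k=(0, 0, 1, 0, 0)))
    # R1 already changed to bandwidth-only, BB1 still on defaults (masks assumed).
    r1 = Neighbor(100, (1, 0, 0, 0, 0), "10.1.111.1/24")
    bb1 = Neighbor(100, DEFAULT_K, "10.1.111.111/24")
    print("blockers         :", adjacency_blockers(r1, bb1))
```

The same function reproduces the Task 6 topology-table metrics from their vector metrics (1544 Kbit and 512 Kbit, each with 20100 microseconds of delay).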



Task 5 

Configure R1 to summarize its Loopback 1 - 4 based on the following policy:

> R1 should ONLY advertise the summary route to R2.

> R1 should advertise the summary route plus the network for Loopback 2 to R3.

> R1 should advertise the summary route plus all the specific networks to R4.

> Only one summary command per neighbor should be used to accomplish this
task.

To configure the first item:

On R1

R1(config)#int S0/0.12
R1(config-subif)#ip summary-address eigrp 300 1.1.0.0 255.255.252.0

You should see the following message:

%DUAL-5-NBRCHANGE: IP-EIGRP(0) 300: Neighbor 10.1.12.2 (Serial0/0.12) is
resync: summary configured

To test the configuration:

On R2

R2#Show ip route eigrp 300 | Inc /22

1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 10.1.12.1, 00:01:03, Serial0/0.21

To configure the second item: 

Since configuring multiple summary commands is not allowed, one way to
accomplish this task is to configure two virtual template interfaces, one between
R1 and R3, and another one between R1 and R4.

Note the "leak-map" option is available under the physical and virtual-template
interfaces.

On R1

To configure PPP, a virtual-template interface must be configured and the IP
address of the sub-interface must be assigned to the virtual-template:

R1(config)#int S0/0.13
R1(config-subif)#no ip addr

R1(config)#int virtual-template 13
R1(config-if)#ip address 10.1.13.1 255.255.255.0
R1(config-if)#ip summary-address eigrp 300 1.1.0.0 255.255.252.0 leak-map R1-3

R1(config)#Route-map R1-3 permit 10
R1(config-route-map)#match ip addr 1

R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255

Note the leak-map option is now available; this option references a route-map,
the route-map references an access-list, and whatever networks are
permitted in the access-list will be leaked along with the summary route.

Lastly the virtual-template interface is assigned to the sub-interface.

R1(config)#int S0/0.13
R1(config-subif)#frame-relay interface-dlci 103 ppp virtual-Template 13

Since there are two links (Int S0/0.13 and S0/1) between R1 and R3, the summary
should also be applied to the S0/1 interface:

R1(config)#int S0/1
R1(config-if)#ip summary-address eigrp 300 1.1.0.0 255.255.252.0 leak-map R1-3

On R3

R3(config)#int S0/0.31
R3(config-subif)#no ip addr

R3(config)#int virtual-template 31
R3(config-if)#ip address 10.1.13.3 255.255.255.0

R3(config-if)#int S0/0.31
R3(config-subif)#frame-relay interface-dlci 301 ppp virtual-Template 31

To verify the configuration: 



On R3

R3#Sh ip route eigrp 300

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 1.1.0.0/22 [90/2297856] via 10.1.100.1, 00:02:15, Serial0/1
D 1.1.1.0/24 [90/2297856] via 10.1.100.1, 00:02:15, Serial0/1

10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
D 10.1.14.0/24 [90/2681856] via 10.1.100.1, 00:02:15, Serial0/1
D 10.1.12.0/24 [90/2681856] via 10.1.100.1, 00:02:15, Serial0/1
D 10.1.2.0/24 [90/2684416] via 10.1.100.1, 00:02:15, Serial0/1
D 10.1.4.0/24 [90/2684416] via 10.1.100.1, 00:02:15, Serial0/1

150.1.0.0/24 is subnetted, 3 subnets
D 150.1.4.0 [90/2809856] via 10.1.100.1, 00:02:15, Serial0/1
D 150.1.2.0 [90/2809856] via 10.1.100.1, 00:02:15, Serial0/1



To configure the third item:

On R1

R1(config-subif)#int S0/0.14
R1(config-subif)#no ip addr

R1(config)#int virtual-template 14
R1(config-if)#ip address 10.1.14.1 255.255.255.0
R1(config-if)#ip summary-address eigrp 300 1.1.0.0 255.255.252.0 leak-map R1-4

R1(config)#int S0/0.14
R1(config-subif)#frame-relay interface-dlci 104 ppp virtual-Template 14

R1(config)#Route-map R1-4 permit 10

Note if the leak-map references a route-map, and the route-map does not
reference an access-list or it references an access-list that does not exist, the
summary plus all specific routes are advertised.

On R4

R4(config)#int S0/0.41
R4(config-subif)#no ip addr

R4(config)#int virtual-template 41
R4(config-if)#ip address 10.1.14.4 255.255.255.0

R4(config-if)#int S0/0.41
R4(config-subif)#frame-relay interface-dlci 401 ppp virtual-Template 41

To verify the configuration: 

On R4 

R4#Show ip route eigrp 300

1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D 1.1.0.0/24 [90/2713600] via 10.1.14.1, 00:00:13, Virtual-Access2
D 1.1.0.0/22 [90/2713600] via 10.1.14.1, 00:00:13, Virtual-Access2
D 1.1.1.0/24 [90/2713600] via 10.1.14.1, 00:00:13, Virtual-Access2
D 1.1.2.0/24 [90/2713600] via 10.1.14.1, 00:00:13, Virtual-Access2
D 1.1.3.0/24 [90/2713600] via 10.1.14.1, 00:00:13, Virtual-Access2

10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.1.13.3/32 [90/5145600] via 10.1.14.1, 00:00:13, Virtual-Access2
D 10.1.13.0/24 [90/5145600] via 10.1.14.1, 00:00:13, Virtual-Access2
D 10.1.12.0/24 [90/4729856] via 10.1.14.1, 00:00:13, Virtual-Access2
D 10.1.3.0/24 [90/4732416] via 10.1.14.1, 00:00:13, Virtual-Access2
D 10.1.2.0/24 [90/4732416] via 10.1.14.1, 00:00:13, Virtual-Access2
D 10.1.100.0/24 [90/4729856] via 10.1.14.1, 00:00:13, Virtual-Access2

150.1.0.0/24 is subnetted, 5 subnets
D 150.1.3.0 [90/4857856] via 10.1.14.1, 00:00:14, Virtual-Access2
D 150.1.2.0 [90/4857856] via 10.1.14.1, 00:00:14, Virtual-Access2



Task 6 

R4 should perform unequal cost load balancing to get to network 10.1.56.0/24.

Note R4 takes R6 (10.1.46.6) to get to network 10.1.56.0/24; the routing table of R4
reveals this information:

R4#Show ip route eigrp 400

10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.1.56.0/24 [90/2172416] via 10.1.46.6, 00:44:40, Serial0/0.46

150.1.0.0/24 is subnetted, 5 subnets
D 150.1.6.0 [90/2297856] via 10.1.46.6, 00:44:40, Serial0/0.46
D 150.1.5.0 [90/2300416] via 10.1.46.6, 00:44:40, Serial0/0.46

In order to perform unequal cost load balancing, the advertised distance of the
worst route should be lower than the feasible distance. In this case the advertised
distance of R5 for network 10.1.56.0/24 is 28160; this value is less than the feasible
distance, which is 2172416. This means that R5 fulfils the feasibility condition;
therefore, unequal cost load balancing can be performed.

R4#Show ip eigrp 400 topology 10.1.56.0/24

IP-EIGRP (AS 400): Topology entry for 10.1.56.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2172416
Routing Descriptor Blocks:
10.1.46.6 (Serial0/0.46), from 10.1.46.6, Send flag is 0x0
  Composite metric is (2172416/28160), Route is Internal
  Vector metric:
    Minimum bandwidth is 1544 Kbit
    Total delay is 20100 microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 1
10.1.45.5 (Serial0/0.45), from 10.1.45.5, Send flag is 0x0
  Composite metric is (5514496/28160), Route is Internal
  Vector metric:
    Minimum bandwidth is 512 Kbit
    Total delay is 20100 microseconds
    Reliability is 255/255
    Load is 1/255
    Minimum MTU is 1500
    Hop count is 1

The last step in accomplishing this task is to divide the worst route by the best route
to get the ratio:

5,514,496 / 2,172,416 = 2.538

The result is the number that must be configured using the "variance" command.
This value should be rounded up; in this case the result is 3.

On R4

R4(config)#router eigrp 400
R4(config-router)#variance 3



To verify the configuration: 



On R4

R4#Show ip route eigrp 400

10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.1.56.0/24 [90/2172416] via 10.1.46.6, 00:00:23, Serial0/0.46
               [90/5514496] via 10.1.45.5, 00:00:23, Serial0/0.45
150.1.0.0/24 is subnetted, 5 subnets
D 150.1.6.0 [90/2297856] via 10.1.46.6, 00:00:23, Serial0/0.46
            [90/5642496] via 10.1.45.5, 00:00:23, Serial0/0.45
D 150.1.5.0 [90/2300416] via 10.1.46.6, 00:00:23, Serial0/0.46
            [90/5639936] via 10.1.45.5, 00:00:23, Serial0/0.45
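The feasibility check and variance calculation from Task 6, as an added example (not code from the workbook): it parses a topology entry, applies the feasibility condition, and derives the smallest variance that installs every feasible path. The sample text is constructed from the values shown above, and the function names are hypothetical.

```python
import math
import re

# Constructed from the "show ip eigrp topology" values in Task 6.
SAMPLE = """\
IP-EIGRP (AS 400): Topology entry for 10.1.56.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2172416
  Routing Descriptor Blocks:
  10.1.46.6 (Serial0/0.46), from 10.1.46.6, Send flag is 0x0
      Composite metric is (2172416/28160), Route is Internal
  10.1.45.5 (Serial0/0.45), from 10.1.45.5, Send flag is 0x0
      Composite metric is (5514496/28160), Route is Internal
"""

FD_RE = re.compile(r"FD is (\d+)")
HOP_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+) \(([^)]+)\), from")
METRIC_RE = re.compile(r"Composite metric is \((\d+)/(\d+)\)")


def parse_topology_entry(text):
    """Return (feasible_distance, [path, ...]) from one topology entry."""
    fd_match = FD_RE.search(text)
    if fd_match is None:
        raise ValueError("no feasible distance in topology entry")
    paths, hop = [], None
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hop = m.groups()              # next hop seen, metric line follows
            continue
        m = METRIC_RE.search(line)
        if m and hop:
            paths.append({
                "next_hop": hop[0],
                "interface": hop[1],
                "metric": int(m.group(1)),     # distance through this neighbor
                "reported": int(m.group(2)),   # neighbor's advertised distance
            })
            hop = None
    return int(fd_match.group(1)), paths


def feasible_paths(fd, paths):
    """Successors, plus paths whose advertised distance is below the FD."""
    return [p for p in paths if p["metric"] == fd or p["reported"] < fd]


def minimum_variance(fd, paths):
    """Smallest integer variance that covers the worst feasible path."""
    worst = max(p["metric"] for p in feasible_paths(fd, paths))
    return math.ceil(worst / fd)


def installed_paths(fd, paths, variance):
    """Feasible paths whose metric falls within variance x FD."""
    return [p for p in feasible_paths(fd, paths) if p["metric"] <= variance * fd]


if __name__ == "__main__":
    fd, paths = parse_topology_entry(SAMPLE)
    print("FD:", fd, "minimum variance:", minimum_variance(fd, paths))
    for v in (1, 2, 3):
        hops = [p["next_hop"] for p in installed_paths(fd, paths, v)]
        print("variance", v, "->", hops)
```

A path that fails the feasibility condition is never installed, whatever the variance.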



Task 7 

Configure R1 to disable the SIA timer for AS 300 and set the SIA timer to 60 minutes for
AS 100.

On R1

R1(config)#Router eigrp 100
R1(config-router)#timers active-time 60

R1(config-router)#Router eigrp 300
R1(config-router)#timers active-time disabled



Task 8

Configure authentication for all the routers in AS 300 and set the passwords as follows:

> R1 and R2 should use "Cisco 12".

> R1 and R3 should use "Cisco 13".

> R1 and R4 should use "Cisco 14".

To configure authentication between R1 and R2:

On R1 and R2

(config)#Key chain R1-2
(config-keychain)#key 1
(config-keychain-key)#key-string Cisco 12

On R1

R1(config)#int S0/0.12
R1(config-subif)#ip authentication key-chain eigrp 300 R1-2
R1(config-subif)#ip authentication mode eigrp 300 md5

On R2

R2(config)#int S0/0.21
R2(config-subif)#ip authentication key-chain eigrp 300 R1-2
R2(config-subif)#ip authentication mode eigrp 300 md5

To test the configuration: 

On R2 

R2#Show ip route eigrp 300

1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 10.1.12.1, 00:00:19, Serial0/0.21

10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
D 10.1.14.4/32 [90/4729856] via 10.1.12.1, 00:00:19, Serial0/0.21
D 10.1.14.0/24 [90/4729856] via 10.1.12.1, 00:00:19, Serial0/0.21
D 10.1.13.3/32 [90/4729856] via 10.1.12.1, 00:00:19, Serial0/0.21
D 10.1.13.0/24 [90/4729856] via 10.1.12.1, 00:00:19, Serial0/0.21
D 10.1.3.0/24 [90/2684416] via 10.1.12.1, 00:00:19, Serial0/0.21
D 10.1.4.0/24 [90/4732416] via 10.1.12.1, 00:00:19, Serial0/0.21
D 10.1.100.0/24 [90/2681856] via 10.1.12.1, 00:00:19, Serial0/0.21

150.1.0.0/24 is subnetted, 4 subnets
D 150.1.4.0 [90/4857856] via 10.1.12.1, 00:00:19, Serial0/0.21
D 150.1.3.0 [90/2809856] via 10.1.12.1, 00:00:19, Serial0/0.21

The "Show ip eigrp interface detail" command can also be used to verify the
authentication.

R2#Show ip eigrp inter detail | B Se0/0.21

Se0/0.21 1 0/0 109 15 575
Hello interval is 20 sec
Next xmit serial <none>
Un/reliable mcasts: 0/0 Un/reliable ucasts: 39/33
Mcast exceptions: CR packets: ACKs suppressed: 14
Retransmissions sent: 3 Out-of-sequence rcvd: 3
Authentication mode is md5, key-chain is "R1-2"
Use unicast

To configure authentication between R1 and R3:

On R1 and R3:

(config)#key chain R1-3
(config-keychain)#key 1
(config-keychain-key)#key-string Cisco 13

On R1

R1(config)#int virtual-template 13
R1(config-if)#ip authentication key-chain eigrp 300 R1-3
R1(config-if)#ip authentication mode eigrp 300 md5

R1(config-if)#int S0/1
R1(config-if)#ip authentication key-chain eigrp 300 R1-3
R1(config-if)#ip authentication mode eigrp 300 md5

On R3

R3(config)#int virtual-template 31
R3(config-if)#ip authentication key-chain eigrp 300 R1-3
R3(config-if)#ip authentication mode eigrp 300 md5

R3(config-keychain-key)#int S0/1
R3(config-if)#ip authentication key-chain eigrp 300 R1-3
R3(config-if)#ip authentication mode eigrp 300 md5



To test the configuration:

On R3

R3#Show ip route eigrp 300

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 1.1.0.0/22 [90/2297856] via 10.1.100.1, 00:00:17, Serial0/1
D 1.1.1.0/24 [90/2297856] via 10.1.100.1, 00:00:17, Serial0/1

10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
D 10.1.14.4/32 [90/4729856] via 10.1.100.1, 00:00:17, Serial0/1
D 10.1.14.0/24 [90/4729856] via 10.1.100.1, 00:00:17, Serial0/1
D 10.1.12.0/24 [90/2681856] via 10.1.100.1, 00:00:17, Serial0/1
D 10.1.2.0/24 [90/2684416] via 10.1.100.1, 00:00:17, Serial0/1
D 10.1.4.0/24 [90/4732416] via 10.1.100.1, 00:00:17, Serial0/1

150.1.0.0/24 is subnetted, 3 subnets
D 150.1.4.0 [90/4857856] via 10.1.100.1, 00:00:17, Serial0/1
D 150.1.2.0 [90/2809856] via 10.1.100.1, 00:00:17, Serial0/1

R3#Show ip eigrp 300 neighbors

IP-EIGRP neighbors for process 300
H Address Interface Hold Uptime SRTT RTO Q Seq
                    (sec)       (ms)     Cnt Num
1 10.1.13.1 Vi2 10 00:00:27 132 792 227
10.1.100.1 Se0/1 66 00:06:08 32 200 223

To configure authentication between R1 and R4:


On R1 and R4:

(config)#key chain R1-4
(config-keychain)#key 1
(config-keychain-key)#key-string Cisco 14

On R1

R1(config)#int virtual-template 14
R1(config-if)#ip authentication key-chain eigrp 300 R1-4
R1(config-if)#ip authentication mode eigrp 300 md5

On R4

R4(config)#int virtual-template 41
R4(config-if)#ip authentication key-chain eigrp 300 R1-4
R4(config-if)#ip authentication mode eigrp 300 md5



To verify the configuration: 



On R4

R4#Show ip route eigrp 300

1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D 1.1.0.0/24 [90/2713600] via 10.1.14.1, 00:00:27, Virtual-Access2
D 1.1.0.0/22 [90/2713600] via 10.1.14.1, 00:00:27, Virtual-Access2
D 1.1.1.0/24 [90/2713600] via 10.1.14.1, 00:00:27, Virtual-Access2
D 1.1.2.0/24 [90/2713600] via 10.1.14.1, 00:00:27, Virtual-Access2
D 1.1.3.0/24 [90/2713600] via 10.1.14.1, 00:00:27, Virtual-Access2

10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
D 10.1.13.3/32 [90/5145600] via 10.1.14.1, 00:00:27, Virtual-Access2
D 10.1.13.0/24 [90/5145600] via 10.1.14.1, 00:00:27, Virtual-Access2
D 10.1.12.0/24 [90/4729856] via 10.1.14.1, 00:00:27, Virtual-Access2
D 10.1.3.0/24 [90/4732416] via 10.1.14.1, 00:00:27, Virtual-Access2
D 10.1.2.0/24 [90/4732416] via 10.1.14.1, 00:00:27, Virtual-Access2
D 10.1.100.0/24 [90/4729856] via 10.1.14.1, 00:00:27, Virtual-Access2

150.1.0.0/24 is subnetted, 5 subnets
D 150.1.3.0 [90/4857856] via 10.1.14.1, 00:00:29, Virtual-Access2
D 150.1.2.0 [90/4857856] via 10.1.14.1, 00:00:29, Virtual-Access2

R4#Show ip eigrp 300 neighbors

IP-EIGRP neighbors for process 300
H Address Interface Hold Uptime SRTT RTO Q Seq
                    (sec)       (ms)     Cnt Num
10.1.14.1 Vi2 12 00:01:16 1311 5000 246
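A configuration check for the authentication set up in Task 8, as an added example (not code from the workbook): it reads an IOS-style configuration and reports EIGRP interfaces where the key-chain and md5 mode commands are not both present, or where the referenced key chain has no key-string. The sample configuration is constructed in the style of R1 with two deliberate mistakes, and the function name is hypothetical.

```python
import re

# Constructed sample: Serial0/1 lacks "mode md5", and key chain R1-4 is never defined.
SAMPLE_CONFIG = """\
key chain R1-2
 key 1
  key-string Cisco 12
key chain R1-3
 key 1
  key-string Cisco 13
!
interface Serial0/0.12
 ip hello-interval eigrp 300 20
 ip hold-time eigrp 300 80
 ip authentication mode eigrp 300 md5
 ip authentication key-chain eigrp 300 R1-2
!
interface Serial0/1
 ip hello-interval eigrp 300 20
 ip authentication key-chain eigrp 300 R1-3
!
interface Virtual-Template13
 ip authentication mode eigrp 300 md5
 ip authentication key-chain eigrp 300 R1-3
!
interface Virtual-Template14
 ip summary-address eigrp 300 1.1.0.0 255.255.252.0 leak-map R1-4
 ip authentication mode eigrp 300 md5
 ip authentication key-chain eigrp 300 R1-4
"""

KEYCHAIN_RE = re.compile(r"^key chain (\S+)$")
INTF_RE = re.compile(r"^interface (\S+)")
ANY_EIGRP_RE = re.compile(r"^ip .*?\beigrp (\d+)\b")   # any per-interface EIGRP command
MODE_RE = re.compile(r"^ip authentication mode eigrp \d+ md5$")
CHAIN_RE = re.compile(r"^ip authentication key-chain eigrp \d+ (\S+)$")


def audit_eigrp_auth(config):
    """Return [(interface, as_number, finding), ...] for an IOS-style config."""
    chains = {}     # key chain name -> True once a key-string is seen
    intfs = {}      # interface -> {as_number: {"mode": bool, "chain": name or None}}
    chain = intf = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                 # a new top-level section starts
            chain = intf = None
            m = KEYCHAIN_RE.match(line)
            if m:
                chain = m.group(1)
                chains.setdefault(chain, False)
            m = INTF_RE.match(line)
            if m:
                intf = m.group(1)
                intfs.setdefault(intf, {})
            continue
        if chain and line.startswith("key-string "):
            chains[chain] = True
        elif intf:
            m = ANY_EIGRP_RE.match(line)
            if not m:
                continue
            state = intfs[intf].setdefault(int(m.group(1)), {"mode": False, "chain": None})
            if MODE_RE.match(line):
                state["mode"] = True
            c = CHAIN_RE.match(line)
            if c:
                state["chain"] = c.group(1)

    findings = []
    for name, per_as in intfs.items():
        for asn, st in per_as.items():
            if st["chain"] is None and not st["mode"]:
                findings.append((name, asn, "no EIGRP authentication configured"))
            elif st["chain"] is None:
                findings.append((name, asn, "mode md5 set but no key-chain"))
            else:
                if not st["mode"]:
                    findings.append((name, asn, "key-chain set but mode md5 missing"))
                if not chains.get(st["chain"]):
                    findings.append((name, asn, "key chain '%s' is undefined or has no key-string" % st["chain"]))
    return findings


if __name__ == "__main__":
    for finding in audit_eigrp_auth(SAMPLE_CONFIG):
        print("%s (AS %d): %s" % finding)
```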



Task 9 

BB2 should be configured such that it advertises EIGRP routes with greater than 110
hops as unreachable.

To see the default setting:

On BB2

BB2#Show ip protocols | Inc EIGRP maximum

EIGRP maximum hopcount 100
EIGRP maximum metric variance 1

To configure the task:

On BB2

BB2(config)#router eigrp 200
BB2(config-router)#metric maximum-hops 110

The above command will advertise the routes with a hop count higher than 110 as
unreachable; the default setting is 100 hops, and it can be increased up to 255.

To verify the configuration:

On BB2

BB2#Show ip protocols | Inc EIGRP maximum

EIGRP maximum hopcount 110
EIGRP maximum metric variance 1



Task 10

The administrative distance of all the routers in AS 200 should be configured as follows:

Internal = 95, External = 138

To see the default setting:

On R2

R2#Show ip protocol | Inc Distance

Gateway Distance Last Update
Distance: internal 90 external 170

To change the default values:

On R2

R2(config)#router eigrp 200
R2(config-router)#distance eigrp 95 138

On BB2

BB2(config)#router eigrp 200
BB2(config-router)#distance eigrp 95 138

The first value after the "distance eigrp" command specifies the administrative
distance of Eigrp internal routes and the second value specifies the administrative
distance of Eigrp external routes.

To verify the configuration:

On R2

R2#Show ip protocols | Inc Distance

Gateway Distance Last Update
Distance: internal 95 external 138

Gateway Distance Last Update
Distance: internal 90 external 170






Task 11

BB2 should be configured to use 30 percent of its F0/0 link for exchanging updates.

On BB2

BB2(config)#int f0/0
BB2(config-if)#ip bandwidth-percent eigrp 200 30






Task 12 

BB1 should be configured to use 15 Mbps of its link's bandwidth for exchanging updates.
You should NOT use the solution from the previous task to accomplish this task.

On BB1

BB1(config)#int fa0
BB1(config-if)#bandwidth 30000

By default Eigrp utilizes 50% of the bandwidth; if you multiply the desired value by
two (in this case 30 Mbps) and set the bandwidth of the interface to that number,
Eigrp will use half of that number, which is the desired value. This is NOT recommended as
the first choice; your first choice should be the solution from the previous task,
unless the use of the "ip bandwidth-percent" command is prohibited.

Task 13

BB1 should be configured to receive routes from R1 and it should not advertise any
routes to R1. You should NOT use any global configuration command as part of the
solution in accomplishing this task.



Note R1 is receiving a single route from BB1:

R1#Sh ip route eigrp 100

150.1.0.0/24 is subnetted, 5 subnets
D 150.1.111.0 [90/25600] via 10.1.111.111, 03:20:34, FastEthernet0/0

To configure the task:

On BB1

BB1(config)#router eigrp 100
BB1(config-router)#eigrp stub receive-only

To verify the configuration:

On R1

R1#Show ip eigrp 100 neighbors

IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
                    (sec)       (ms)     Cnt Num
10.1.111.111 Fa0/0 11 00:00:48 1 200 13

On BB1

BB1#Show ip route eigrp 100

150.1.0.0/24 is subnetted, 2 subnets
D 150.1.1.0 [90/85248] via 10.1.111.1, 00:02:31, FastEthernet0/0

Note BB1 only receives routes from R1 and it does NOT advertise any routes to R1,
but the neighbor adjacency is maintained.



Task 14 

Configure Loopback 1 (151.1.112.112/24) interface on BB2 and advertise this route in
AS 200. This route should appear in the routing table of the routers in this Autonomous
System as external.

On BB2

BB2(config)#int lo1
BB2(config-if)#ip addr 151.1.112.112 255.255.255.0

BB2(config)#access-list 1 permit 151.1.112.0 0.0.0.255

BB2(config)#Route-map TST permit 10
BB2(config-route-map)#match ip addr 1

BB2(config)#router eigrp 200
BB2(config-router)#redistribute connected route-map TST

To verify the configuration: 

On R2 

R2#Show ip route eigrp 200

151.1.0.0/24 is subnetted, 1 subnets
D 151.1.112.0 [95/130560] via 10.1.112.112, 00:00:57, FastEthernet0/0

150.1.0.0/24 is subnetted, 4 subnets
D 150.1.112.0 [95/130560] via 10.1.112.112, 00:10:45, FastEthernet0/0

Note the reason this network is NOT yet injected as an External route is
the way BB2 is configured; the following reveals the Eigrp configuration of BB2:

BB2#Sh run | S router eigrp

router eigrp 200
 redistribute connected route-map TST
 network 0.0.0.0
 metric maximum-hops 110
 metric weights 0 0 0 1 0 0
 distance eigrp 95 138
 no auto-summary

The network statement instructs Eigrp to advertise existing and future
configured interfaces in Eigrp AS 200; these routes are internal to Eigrp's AS. Since
Internal takes precedence over External routes, the network shows up as an
Internal route. To correct this problem, you should reconfigure the network
command on BB2 as follows:

BB2(config)#router eigrp 200
BB2(config-router)#NO netw 0.0.0.0
BB2(config-router)#netw 10.1.112.112 0.0.0.0
BB2(config-router)#netw 150.1.112.112 0.0.0.0

To verify the configuration:

On R2

R2#Sh ip route eigrp 200

151.1.0.0/24 is subnetted, 1 subnets
D EX 151.1.112.0 [138/130560] via 10.1.112.112, 00:01:16, FastEthernet0/0

150.1.0.0/24 is subnetted, 4 subnets
D 150.1.112.0 [95/130560] via 10.1.112.112, 00:01:10, FastEthernet0/0






Task 15 

Configure a static route on BB2 for network 160.1.112.0/24 using the null0 interface as the
next hop; this route should be redistributed on BB2. Ensure that existing and future
redistributed routes are assigned the following metric:

Bandwidth = 1500
Load = 1
Delay = 20000
Reliability = 255
MTU = 1500

On BB2

BB2(config)#ip route 160.1.112.0 255.255.255.0 null0

BB2(config)#router eigrp 200
BB2(config-router)#default-metric 1500 20000 255 1 1500
BB2(config-router)#redistribute static

To verify the configuration:

On R2

R2#Show ip route eigrp 200

160.1.0.0/24 is subnetted, 1 subnets
D EX 160.1.112.0 [138/5122560] via 10.1.112.112, 00:00:59, FastEthernet0/0
151.1.0.0/24 is subnetted, 1 subnets
D EX 151.1.112.0 [138/130560] via 10.1.112.112, 00:05:31, FastEthernet0/0
150.1.0.0/24 is subnetted, 4 subnets
D 150.1.112.0 [95/130560] via 10.1.112.112, 00:20:14, FastEthernet0/0

Note the default-metric command ONLY affects the static and other redistributed
routes but NOT the connected.






Task 16 

Configure BB2 such that it ONLY advertises routes that are redistributed and connected
networks that are advertised in the Eigrp routing protocol. You should NOT use any global
configuration command as part of the solution to accomplish this task.

On BB2

BB2(config)#Router eigrp 200
BB2(config-router)#eigrp stub connected static

To verify the configuration:

On R2

R2#Show ip route eigrp 200

160.1.0.0/24 is subnetted, 1 subnets
D EX 160.1.112.0 [138/5122560] via 10.1.112.112, 00:01:02, FastEthernet0/0

151.1.0.0/24 is subnetted, 1 subnets
D EX 151.1.112.0 [138/130560] via 10.1.112.112, 00:00:05, FastEthernet0/0

150.1.0.0/24 is subnetted, 4 subnets
D 150.1.112.0 [95/130560] via 10.1.112.112, 00:01:02, FastEthernet0/0

Note the directly connected and ALL redistributed routes are advertised to R2. 









Task 17

Configure R5 NOT to log changes in EIGRP neighbor adjacency.

By default Eigrp logs changes in Eigrp neighbor adjacencies. If this is not needed,
this feature can be disabled using the following configuration:

On R5

R5(config)#router eigrp 400
R5(config-router)#NO eigrp log-neighbor-changes






Task 18 

Configure R6 to log neighbor warning messages for the Eigrp 400 and repeat the warning 
message every 5 minutes. 






To enable the logging of "Eigrp neighbor warning messages" you must enter the "eigrp
log-neighbor-warnings" command under the router eigrp process. This warning
message can be repeated based on the number of seconds configured.

By default, neighbor warning messages are logged. If this behavior needs to be
changed, then the "no eigrp log-neighbor-warnings" command must be used.

On R6

R6(config-subif)#router eigrp 400

R6(config-router)#eigrp log-neighbor-warnings 300






Task 19 

Configure R3 to add 50 to the composite metric of all routes received through its S0/1
interface from router R1.

The following shows the composite metric of all the routes received from R1:

R3#Show ip route eigrp 300







1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 1.1.0.0/22 [90/2297856] via 10.1.100.1, 00:04:28, Serial0/1
D 1.1.1.0/24 [90/2297856] via 10.1.100.1, 00:04:28, Serial0/1

10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
D 10.1.14.4/32 [90/4729856] via 10.1.100.1, 00:04:28, Serial0/1
D 10.1.14.0/24 [90/4729856] via 10.1.100.1, 00:04:28, Serial0/1
D 10.1.12.0/24 [90/2681856] via 10.1.100.1, 00:04:28, Serial0/1
D 10.1.2.0/24 [90/2684416] via 10.1.100.1, 00:04:28, Serial0/1
D 10.1.4.0/24 [90/4732416] via 10.1.100.1, 00:04:28, Serial0/1

150.1.0.0/24 is subnetted, 3 subnets
D 150.1.4.0 [90/4857856] via 10.1.100.1, 00:04:28, Serial0/1
D 150.1.2.0 [90/2809856] via 10.1.100.1, 00:04:28, Serial0/1

To configure Eigrp to add 50 to the existing composite metric:

On R3

Offset-list can be configured to reference an access-list, which references a
network/s. If the offset-list references "0" instead of an access-list number, the offset
value applies to all the routes received through the specified interface, in this case
S0/1.

R3(config)#router eigrp 300

R3(config-router)#offset-list 0 in 50 S0/1

To verify the configuration:

On R3

R3#Sh ip route eigrp 300

1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 1.1.0.0/22 [90/2297906] via 10.1.100.1, 00:00:16, Serial0/1
D 1.1.1.0/24 [90/2297906] via 10.1.100.1, 00:00:16, Serial0/1

10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
D 10.1.14.4/32 [90/4729906] via 10.1.100.1, 00:00:16, Serial0/1
D 10.1.14.0/24 [90/4729906] via 10.1.100.1, 00:00:16, Serial0/1
D 10.1.12.0/24 [90/2681906] via 10.1.100.1, 00:00:16, Serial0/1
D 10.1.2.0/24 [90/2684466] via 10.1.100.1, 00:00:16, Serial0/1
D 10.1.4.0/24 [90/4732466] via 10.1.100.1, 00:00:16, Serial0/1

150.1.0.0/24 is subnetted, 3 subnets
D 150.1.4.0 [90/4857906] via 10.1.100.1, 00:00:16, Serial0/1
D 150.1.2.0 [90/2809906] via 10.1.100.1, 00:00:16, Serial0/1






Note a cost of 50 is added to the composite metric of all routes received through S0/1
interface.



Task 20 

Configure R4 to perform a mutual redistribution between AS 300 and 400. 



On R4

R4(config)#router eigrp 400
R4(config-router)#redistribute eigrp 300

R4(config-router)#router eigrp 300
R4(config-router)#redistribute eigrp 400

To test the configuration:

On R2

R2#Show ip route eigrp 300

1.0.0.0/22 is subnetted, 1 subnets
D 1.1.0.0 [90/2297856] via 10.1.12.1, 00:36:16, Serial0/0.21

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
D 10.1.14.4/32 [90/4729856] via 10.1.12.1, 00:36:16, Serial0/0.21
D 10.1.14.0/24 [90/4729856] via 10.1.12.1, 00:36:16, Serial0/0.21
D 10.1.13.3/32 [90/4729856] via 10.1.12.1, 00:36:16, Serial0/0.21
D 10.1.13.0/24 [90/4729856] via 10.1.12.1, 00:36:16, Serial0/0.21
D 10.1.3.0/24 [90/2684416] via 10.1.12.1, 00:05:09, Serial0/0.21
D 10.1.4.0/24 [90/4732416] via 10.1.12.1, 00:36:16, Serial0/0.21
D EX 10.1.46.0/24 [170/5241856] via 10.1.12.1, 00:00:59, Serial0/0.21
D EX 10.1.45.0/24 [170/8583936] via 10.1.12.1, 00:00:59, Serial0/0.21
D EX 10.1.56.0/24 [170/5244416] via 10.1.12.1, 00:00:59, Serial0/0.21
D 10.1.100.0/24 [90/2681856] via 10.1.12.1, 00:15:34, Serial0/0.21

150.1.0.0/24 is subnetted, 6 subnets
D EX 150.1.6.0 [170/5369856] via 10.1.12.1, 00:00:59, Serial0/0.21
D EX 150.1.5.0 [170/5372416] via 10.1.12.1, 00:01:00, Serial0/0.21
D 150.1.4.0 [90/4857856] via 10.1.12.1, 00:36:17, Serial0/0.21
D 150.1.3.0 [90/2809856] via 10.1.12.1, 00:05:10, Serial0/0.21






Task 21

Configure R2 to inject a default route into AS 200; you should NOT configure any global
configuration command as part of the solution to accomplish this task.

On R2

R2(config)#int f0/0

R2(config-if)#ip summary-address eigrp 200 0.0.0.0 0.0.0.0

To verify the configuration:

On BB2

BB2#Show ip route eigrp

D* 0.0.0.0/0 [95/5120] via 10.1.112.2, 00:01:05, FastEthernet0/0



Task 22

Configure R1 to perform a mutual redistribution between AS 100 and AS 300. In the
future there will be another redistribution point; this router should be configured to
prevent feedback routes when the second redistribution point is added.

The routing table of BB1 is checked before the configuration:

BB1#Sh ip route eigrp

150.1.0.0/24 is subnetted, 2 subnets
D 150.1.1.0 [90/85248] via 10.1.111.1, 00:49:49, FastEthernet0/0

On R1

R1(config)#Route-map 100-300 deny 10
R1(config-route-map)#match tag 300
R1(config)#Route-map 100-300 permit 20
R1(config-route-map)#set tag 100

R1(config)#Route-map 300-100 deny 10
R1(config-route-map)#match tag 100
R1(config)#Route-map 300-100 permit 20
R1(config-route-map)#Set tag 300

Note tag 100 is set and then denied in the other route-map.

The same is performed for tag 300.






R1(config-route-map)#router eigrp 100

R1(config-router)#redistribute eigrp 300 route-map 300-100

R1(config-router)#Router eigrp 300

R1(config-router)#redistribute eigrp 100 route-map 100-300

To verify the configuration:

On BB1

BB1#Show ip route eigrp

1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
D EX 1.1.0.0/24 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 1.1.0.0/22 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 1.1.1.0/24 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 1.1.2.0/24 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 1.1.3.0/24 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
D EX 10.1.14.4/32 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.14.0/24 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.13.3/32 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.13.0/24 [170/85248] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.12.0/24 [170/1657856] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.3.0/24 [170/1657856] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.2.0/24 [170/1657856] via 10.1.111.1, 00:00:37, FastEthernet0/0
D EX 10.1.4.0/24 [170/85248] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 10.1.46.0/24 [170/1657856] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 10.1.45.0/24 [170/4999936] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 10.1.56.0/24 [170/1657856] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 10.1.100.0/24 [170/1657856] via 10.1.111.1, 00:00:38, FastEthernet0/0

150.1.0.0/24 is subnetted, 7 subnets
D EX 150.1.6.0 [170/1657856] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 150.1.5.0 [170/1657856] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 150.1.4.0 [170/85248] via 10.1.111.1, 00:00:38, FastEthernet0/0
D EX 150.1.3.0 [170/1657856] via 10.1.111.1, 00:00:39, FastEthernet0/0
D EX 150.1.2.0 [170/1657856] via 10.1.111.1, 00:00:39, FastEthernet0/0
D 150.1.1.0 [90/85248] via 10.1.111.1, 00:53:22, FastEthernet0/0

On R6

R6#Show ip route

1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks














D EX 1.1.0.0/24 [170/4857856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 1.1.0.0/22 [170/4857856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 1.1.1.0/24 [170/4857856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 1.1.2.0/24 [170/4857856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 1.1.3.0/24 [170/4857856] via 10.1.46.4, 00:16:15, Serial0/0.64

10.0.0.0/8 is variably subnetted, 13 subnets, 2 masks
D EX 10.1.14.1/32 [170/4729856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.14.0/24 [170/4729856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.13.3/32 [170/7289856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.13.0/24 [170/7289856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.12.0/24 [170/5241856] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.3.0/24 [170/5244416] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.2.0/24 [170/5244416] via 10.1.46.4, 00:16:15, Serial0/0.64
D EX 10.1.4.0/24 [170/2172416] via 10.1.46.4, 00:16:16, Serial0/0.64
D 10.1.45.0/24 [90/2172416] via 10.1.56.5, 02:39:08, FastEthernet0/0
D EX 10.1.111.0/24 [170/4732416] via 10.1.46.4, 00:01:52, Serial0/0.64
D EX 10.1.100.0/24 [170/5241856] via 10.1.46.4, 00:16:16, Serial0/0.64

150.1.0.0/24 is subnetted, 6 subnets
D 150.1.5.0 [90/156160] via 10.1.56.5, 02:39:08, FastEthernet0/0
D EX 150.1.4.0 [170/2297856] via 10.1.46.4, 00:16:16, Serial0/0.64
D EX 150.1.3.0 [170/5369856] via 10.1.46.4, 00:16:16, Serial0/0.64
D EX 150.1.2.0 [170/5369856] via 10.1.46.4, 00:16:16, Serial0/0.64
D EX 150.1.1.0 [170/4857856] via 10.1.46.4, 00:01:54, Serial0/0.64

This method is one of the most effective methods used when redistribution between
different routing domains occurs. In this method, the routes are tagged as they are
redistributed and the tags are denied when they are redistributed back.
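
The tag-and-deny logic of Task 22, as an added Python model that is not part of the workbook: the two route-maps are copied clause for clause from the R1 configuration, while the second redistribution point "RX", the two sample prefixes and their home AS are assumptions made for the example. The model ignores administrative distance and metrics; it shows only what the route-maps let through.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Clause:
    action: str                       # "permit" or "deny"
    match_tag: Optional[int] = None   # None = no match statement, matches every route
    set_tag: Optional[int] = None     # None = leave the tag unchanged


# Route-maps 100-300 and 300-100 as configured on R1 in Task 22.
RM_100_300 = [Clause("deny", match_tag=300), Clause("permit", set_tag=100)]
RM_300_100 = [Clause("deny", match_tag=100), Clause("permit", set_tag=300)]
PERMIT_ALL = [Clause("permit")]       # redistribution without any route-map

# Constructed sample data: one prefix native to each AS.
ORIGINS = {"150.1.1.0/24": 100, "150.1.3.0/24": 300}


def apply_route_map(route_map, tag):
    """First matching clause wins. Returns the resulting tag, or None when denied."""
    for clause in route_map:
        if clause.match_tag is None or clause.match_tag == tag:
            if clause.action == "deny":
                return None
            return tag if clause.set_tag is None else clause.set_tag
    return None  # implicit deny at the end of every route-map


def redistributor(name, rm_100_300, rm_300_100):
    """A router doing mutual redistribution between AS 100 and AS 300."""
    return {"name": name, "maps": {(100, 300): rm_100_300, (300, 100): rm_300_100}}


def simulate(origins, routers, max_rounds=10):
    """Run redistribution until nothing changes.

    Returns (tables, feedback):
      tables[asn][prefix] = (tag, injected_by)
      feedback = [(router, prefix, asn)] for every attempt to inject a prefix
                 back into the AS it originally came from.
    """
    tables = {}
    for prefix, home in origins.items():
        tables.setdefault(home, {})[prefix] = (0, None)  # native route, untagged
    feedback = []
    for _ in range(max_rounds):
        changed = False
        for router in routers:
            for (src, dst), rmap in router["maps"].items():
                for prefix, (tag, injected_by) in list(tables.get(src, {}).items()):
                    if injected_by == router["name"]:
                        continue  # a router still holds the original route itself
                    new_tag = apply_route_map(rmap, tag)
                    if new_tag is None:
                        continue  # filtered by the route-map
                    if origins[prefix] == dst:
                        event = (router["name"], prefix, dst)
                        if event not in feedback:
                            feedback.append(event)
                    elif prefix not in tables.setdefault(dst, {}):
                        tables[dst][prefix] = (new_tag, router["name"])
                        changed = True
        if not changed:
            break
    return tables, feedback


def run(tagged, second_point=True):
    """Build the scenario with or without the tagging route-maps."""
    maps = (RM_100_300, RM_300_100) if tagged else (PERMIT_ALL, PERMIT_ALL)
    routers = [redistributor("R1", *maps)]
    if second_point:
        routers.append(redistributor("RX", *maps))  # hypothetical second point
    return simulate(ORIGINS, routers)


if __name__ == "__main__":
    for tagged in (False, True):
        tables, feedback = run(tagged)
        print("tagged" if tagged else "untagged", "feedback:", feedback)
        for asn in sorted(tables):
            print("  AS", asn, tables[asn])
```
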




Task 23 


Erase the startup configuration and reload the routers before proceeding to the next lab. 





Lab 2 - Advanced EIGRP Stub Configuration 



[Topology diagram: R1 (S0/0.12 10.1.12.0/24, S0/0.13 10.1.13.0/24, S0/0.14 10.1.14.0/24) connects to R2 (S0/0.21, 10.1.12.2/24), R3 (S0/0.31, 10.1.13.3/24) and R4 (S0/0.41); R4 (S0/0.45, 10.1.45.4/24) connects to R5 (S0/0.54, 10.1.45.5/24) over DLCIs 405 and 504.]




Lab Setup:

• Configure all frame-relay connections in a point-to-point sub-interface manner.

• Use the IP addressing chart below for IP address assignment.






IP Addressing:

Router   Interface / IP address        Connecting to router
R1       S0/0.12 - 10.1.12.1/24        R2
         S0/0.13 - 10.1.13.1/24        R3
         S0/0.14 - 10.1.14.1/24        R4
         Loopback 0 - 1.1.1.1/24
R2       S0/0.21 - 10.1.12.2/24        R1
R3       S0/0.31 - 10.1.13.3/24        R1
R4       S0/0.41 - 10.1.14.4/24        R1
         S0/0.45 - 10.1.45.4/24        R5
R5       S0/0.54 - 10.1.45.5/24        R4
         Loopback 2 - 2.2.2.2/24
         Loopback 3 - 3.3.3.3/24



Task 1

Configure OSPF area 0 on the following routers' interfaces; ensure that the loopback
interfaces are advertised with their correct mask:

Router   Interface
R4       S0/0.45
R5       S0/0.54
         Loopback 2
         Loopback 3

On R4

R4(config)#router ospf 1
R4(config-router)#netw 10.1.45.4 0.0.0.0 area 0

On R5

R5(config)#int lo2

R5(config-if)#ip ospf netw point-to-point

R5(config-if)#int lo3

R5(config-if)#ip ospf netw point-to-point

R5(config)#router ospf 1






R5(config-router)#netw 10.1.45.5 0.0.0.0 area 0
R5(config-router)#netw 2.2.2.2 0.0.0.0 area 0
R5(config-router)#netw 3.3.3.3 0.0.0.0 area 0

To verify the configuration:

On R4

R4#Show ip route ospf

2.0.0.0/24 is subnetted, 1 subnets
O 2.2.2.0 [110/65] via 10.1.45.5, 00:01:18, Serial0/0.45

3.0.0.0/24 is subnetted, 1 subnets
O 3.3.3.0 [110/65] via 10.1.45.5, 00:01:18, Serial0/0.45



Task 2 

Configure Eigrp 100 on the following routers' interfaces, disable auto summarization:

Router   Interface
R1       S0/0.12
         S0/0.13
         S0/0.14
         Loopback 0
R2       S0/0.21
R3       S0/0.31
R4       S0/0.41

On R1

R1(config)#router eigrp 100
R1(config-router)#no au
R1(config-router)#netw 10.1.12.1 0.0.0.0
R1(config-router)#netw 10.1.13.1 0.0.0.0
R1(config-router)#netw 10.1.14.1 0.0.0.0
R1(config-router)#netw 1.1.1.1 0.0.0.0

On R2 












R2(config)#router eigrp 100
R2(config-router)#no au
R2(config-router)#netw 10.1.12.2 0.0.0.0

On R3

R3(config)#router eigrp 100

R3(config-router)#no au

R3(config-router)#netw 10.1.13.3 0.0.0.0

On R4

R4(config)#router eigrp 100
R4(config-router)#no au
R4(config-router)#netw 10.1.14.4 0.0.0.0

To verify the configuration:

On R4

R4#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 10.1.14.1, 00:04:29, Serial0/0.41

10.0.0.0/24 is subnetted, 4 subnets
D 10.1.13.0 [90/2681856] via 10.1.14.1, 00:14:24, Serial0/0.41
D 10.1.12.0 [90/2681856] via 10.1.14.1, 00:14:24, Serial0/0.41

On R3

R3#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 10.1.13.1, 00:03:58, Serial0/0.31

10.0.0.0/24 is subnetted, 3 subnets
D 10.1.14.0 [90/2681856] via 10.1.13.1, 00:14:48, Serial0/0.31
D 10.1.12.0 [90/2681856] via 10.1.13.1, 00:14:48, Serial0/0.31

On R2

R2#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets






D 1.1.1.0 [90/2297856] via 10.1.12.1, 00:03:08, Serial0/0.21

10.0.0.0/24 is subnetted, 3 subnets
D 10.1.14.0 [90/2681856] via 10.1.12.1, 00:15:16, Serial0/0.21
D 10.1.13.0 [90/2681856] via 10.1.12.1, 00:15:16, Serial0/0.21



Task 3 

Configure mutual redistribution between OSPF and EIGRP on R4; use a metric of your
choice.

On R4

R4(config)#router ospf 1
R4(config-router)#redistribute eigrp 100 subnets

R4(config)#router eigrp 100
R4(config-router)#redistribute ospf 1 metric 1 1 1 1 1

To verify the configuration:

On R5

R5#Show ip route ospf | inc E2

O E2 1.1.1.0 [110/20] via 10.1.45.4, 00:06:00, Serial0/0.54
O E2 10.1.14.0 [110/20] via 10.1.45.4, 00:07:39, Serial0/0.54
O E2 10.1.13.0 [110/20] via 10.1.45.4, 00:07:39, Serial0/0.54
O E2 10.1.12.0 [110/20] via 10.1.45.4, 00:07:39, Serial0/0.54

On R1

R1#Show ip route eigrp

2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2560512256] via 10.1.14.4, 00:01:00, Serial0/0.14

3.0.0.0/24 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2560512256] via 10.1.14.4, 00:01:00, Serial0/0.14

10.0.0.0/24 is subnetted, 4 subnets
D EX 10.1.45.0 [170/2560512256] via 10.1.14.4, 00:01:00, Serial0/0.14






On R2

R2#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 10.1.12.1, 00:07:33, Serial0/0.21

2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2561024256] via 10.1.12.1, 00:01:51, Serial0/0.21

3.0.0.0/24 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2561024256] via 10.1.12.1, 00:01:51, Serial0/0.21

10.0.0.0/24 is subnetted, 4 subnets
D 10.1.14.0 [90/2681856] via 10.1.12.1, 00:19:41, Serial0/0.21
D 10.1.13.0 [90/2681856] via 10.1.12.1, 00:19:41, Serial0/0.21
D EX 10.1.45.0 [170/2561024256] via 10.1.12.1, 00:01:51, Serial0/0.21

On R3

R3#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 10.1.13.1, 00:10:45, Serial0/0.31

2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2561024256] via 10.1.13.1, 00:05:02, Serial0/0.31

3.0.0.0/24 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2561024256] via 10.1.13.1, 00:05:02, Serial0/0.31

10.0.0.0/24 is subnetted, 4 subnets
D 10.1.14.0 [90/2681856] via 10.1.13.1, 00:21:34, Serial0/0.31
D 10.1.12.0 [90/2681856] via 10.1.13.1, 00:21:34, Serial0/0.31
D EX 10.1.45.0 [170/2561024256] via 10.1.13.1, 00:05:02, Serial0/0.31
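
Where the metrics in the Task 2 and Task 3 routing tables come from, worked through in an added Python example that is not from the workbook. It uses the classic EIGRP composite metric with default K values and takes the seed bandwidth 1 and delay 1 from the redistribute command on R4; the interface values (serial 1544 kbps / 20000 usec, loopback 8000000 kbps / 5000 usec) are assumed IOS defaults, since the page does not list them.

```python
# Classic EIGRP composite metric with default K values (K1 = K3 = 1, K2 = K4 = K5 = 0):
#   metric = 256 * (10^7 / lowest bandwidth in kbps + cumulative delay in tens of usec)
# Reliability, load and MTU are carried in the update but do not enter the result.

# Assumed interface defaults as (bandwidth_kbps, delay_usec); not stated on the page.
SERIAL = (1544, 20000)
LOOPBACK = (8_000_000, 5000)


def eigrp_metric(min_bw_kbps, total_delay_usec):
    """Composite metric from the path's lowest bandwidth and summed delay."""
    return 256 * (10**7 // min_bw_kbps + total_delay_usec // 10)


def path_metric(links, seed=None):
    """Metric seen by a router for a path.

    links: (bandwidth_kbps, delay_usec) of every interface along the path.
    seed:  (bandwidth_kbps, delay_in_tens_of_usec) from 'redistribute ... metric'
           for an external route, or None for an internal route.
    """
    bandwidths = [bw for bw, _ in links]
    delay_usec = sum(delay for _, delay in links)
    if seed is not None:
        seed_bw, seed_delay_tens = seed
        bandwidths.append(seed_bw)           # the seed takes part in the minimum
        delay_usec += seed_delay_tens * 10   # seed delay is given in tens of usec
    return eigrp_metric(min(bandwidths), delay_usec)


def page_values():
    """Recompute metrics that appear in the routing tables of Tasks 2 and 3."""
    seed = (1, 1)  # bandwidth and delay from the seed metric used on R4
    return {
        # External routes: redistributed on R4, one serial hop to R1, two to R2/R3.
        "R1 D EX 2.2.2.0": path_metric([SERIAL], seed),
        "R2 D EX 2.2.2.0": path_metric([SERIAL, SERIAL], seed),
        # Internal routes as seen on R4.
        "R4 D 1.1.1.0": path_metric([LOOPBACK, SERIAL]),
        "R4 D 10.1.13.0": path_metric([SERIAL, SERIAL]),
    }


if __name__ == "__main__":
    for route, metric in page_values().items():
        print(f"{route:18} {metric}")
```

A seed bandwidth of 1 kbps dominates the result: it contributes 10^7 to the sum before the factor of 256, which is why every redistributed OSPF route lands above 2.5 billion while internal routes stay in the low millions.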



Task 4 

Configure "Eigrp stub" on R1 such that it ONLY advertises its directly connected
interfaces that are advertised with a "network" command to its Eigrp neighbors.

On R1

R1(config)#router eigrp 100

R1(config-router)#eigrp stub connected

To verify the configuration:






On R2

R2#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 10.1.12.1, 00:02:01, Serial0/0.21

10.0.0.0/24 is subnetted, 3 subnets
D 10.1.14.0 [90/2681856] via 10.1.12.1, 00:02:01, Serial0/0.21
D 10.1.13.0 [90/2681856] via 10.1.12.1, 00:02:01, Serial0/0.21

On R3

R3#Show ip route eigrp

1.0.0.0/24 is subnetted, 1 subnets
D 1.1.1.0 [90/2297856] via 10.1.13.1, 00:02:41, Serial0/0.31

10.0.0.0/24 is subnetted, 3 subnets
D 10.1.14.0 [90/2681856] via 10.1.13.1, 00:02:41, Serial0/0.31
D 10.1.12.0 [90/2681856] via 10.1.13.1, 00:02:41, Serial0/0.31

On R1

R1#Show ip route eigrp

2.0.0.0/24 is subnetted, 1 subnets
D EX 2.2.2.0 [170/2560512256] via 10.1.14.4, 00:03:25, Serial0/0.14

3.0.0.0/24 is subnetted, 1 subnets
D EX 3.3.3.0 [170/2560512256] via 10.1.14.4, 00:03:25, Serial0/0.14

10.0.0.0/24 is subnetted, 4 subnets
D EX 10.1.45.0 [170/2560512256] via 10.1.14.4, 00:03:25, Serial0/0.14

Note R2 and R3 do NOT get the redistributed routes, because of R1's "stub
connected" configuration.



Task 5 

Configure R1 such that routers R2 and R3 have networks 2.2.2.0 /24 and 3.3.3.0 /24 in
their routing table. DO NOT remove the "Eigrp stub connected" configuration from R1 to
accomplish this task.

To accomplish this task a "leak-map" is referenced in the "Eigrp stub connected"
command. The leak-map references a route-map called "TST"; the route-map
references an access-list. Any IP addresses that are permitted in the access-list are
leaked along with the connected networks.

On R1

R1(config)#access-list 1 permit 2.2.2.0 0.0.0.255
R1(config)#access-list 1 permit 3.3.3.0 0.0.0.255

R1(config)#route-map TST permit 10
R1(config-route-map)#match ip addr 1

R1(config)#router eigrp 100

R1(config-router)#eigrp stub connected leak-map TST

To verify the configuration:

On R2

R2#Show ip route eigrp | Inc EX

D EX 2.2.2.0 [170/2561024256] via 10.1.12.1, 00:04:29, Serial0/0.21
D EX 3.3.3.0 [170/2561024256] via 10.1.12.1, 00:04:29, Serial0/0.21

On R3

R3#Show ip route eigrp | Inc EX

D EX 2.2.2.0 [170/2561024256] via 10.1.13.1, 00:00:13, Serial0/0.31
D EX 3.3.3.0 [170/2561024256] via 10.1.13.1, 00:00:13, Serial0/0.31

Note both R2 and R3 have both networks 2.2.2.0 /24 and 3.3.3.0 /24 in their
routing table.



Task 6 

Reconfigure R1 such that R2 gets network 2.2.2.0 /24 and R3 gets network 3.3.3.0 /24
ONLY. DO NOT remove the "Eigrp stub connected" configuration from R1 to
accomplish this task.






The access-list and the route-map TST should be removed before proceeding
further:

On R1

R1(config)#NO access-list 1
R1(config)#NO route-map TST

We should identify the two networks using two access-lists; in this case access-list 2
permits network 2.2.2.0 /24 and access-list 3 permits network 3.3.3.0 /24:

R1(config)#access-list 2 permit 2.2.2.0 0.0.0.255
R1(config)#access-list 3 permit 3.3.3.0 0.0.0.255

The next step is to configure a new route-map as follows:

R1(config)#route-map TST permit 10

R1(config-route-map)#match ip addr 2
R1(config-route-map)#match inter S0/0.12

R1(config-route-map)#route-map TST permit 20
R1(config-route-map)#match ip addr 3
R1(config-route-map)#match inter S0/0.13

Note the route-map is already referenced by the leak-map.
To verify the configuration:

On R2

R2#Show ip route eigrp | Inc EX

D EX 2.2.2.0 [170/2561024256] via 10.1.12.1, 00:03:16, Serial0/0.21

On R3

R3#Show ip route eigrp | Inc EX

D EX 3.3.3.0 [170/2561024256] via 10.1.13.1, 00:03:43, Serial0/0.31






Task 7 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 3 - Eigrp & Default-information 



[Topology diagram: R1 with Lo2-4; R3 S0/0.32 (.3)]




Lab Setup:

> Configure all frame-relay connections in a point-to-point manner.

> Use the IP addressing and DLCI chart below.

IP addressing:

Router   Interface / IP address       DLCI assignment
R1       S0/0.12 = 10.1.12.1 /24      102
         Loopback2 = 2.2.2.2 /8
         Loopback3 = 3.3.3.3 /8
         Loopback4 = 4.4.4.4 /8
R2       S0/0.21 = 10.1.12.2 /24      201
         S0/0.23 = 10.1.23.2 /24      203
R3       S0/0.32 = 10.1.23.3 /24      302





Task 1 

Configure Eigrp on all routers and advertise their directly connected interfaces in AS 100.
R1 should NOT advertise network 4.0.0.0 /8 in this routing protocol.

On R1

R1(config)#Router eigrp 100

R1(config-router)#no au

R1(config-router)#netw 2.2.2.2 0.0.0.0

R1(config-router)#netw 3.3.3.3 0.0.0.0

R1(config-router)#netw 10.1.12.1 0.0.0.0

On R2

R2(config)#Router eigrp 100
R2(config-router)#no au
R2(config-router)#network 10.1.12.2 0.0.0.0
R2(config-router)#network 10.1.23.2 0.0.0.0

On R3

R3(config)#Router eigrp 100
R3(config-router)#no au
R3(config-router)#network 10.1.23.3 0.0.0.0

To verify the configuration:

On R1

R1#Show ip route eigrp

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.23.0 [90/2681856] via 10.1.12.2, 00:01:55, Serial0/0.12

On R2

R2#Show ip route eigrp

D 2.0.0.0/8 [90/2297856] via 10.1.12.1, 00:02:21, Serial0/0.21
D 3.0.0.0/8 [90/2297856] via 10.1.12.1, 00:02:21, Serial0/0.21

On R3 






R3#Show ip route eigrp

D 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:01:57, Serial0/0.32
D 3.0.0.0/8 [90/2809856] via 10.1.23.2, 00:01:57, Serial0/0.32

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/2681856] via 10.1.23.2, 00:01:57, Serial0/0.32



Task 2 

Configure R1 such that R2 and R3 use network 2.0.0.0 /8 as candidate default.

On R1

R1(config)#ip default-network 2.0.0.0

To verify the configuration:

On R1

R1#Sh ip route 2.0.0.0

Routing entry for 2.0.0.0/8
Known via "connected", distance 0, metric 0 (connected, via interface), candidate default path

Redistributing via eigrp 100
Routing Descriptor Blocks:
* directly connected, via Loopback2
Route metric is 0, traffic share count is 1

R1#Show ip route | B Gate

Gateway of last resort is not set

C* 2.0.0.0/8 is directly connected, Loopback2
C 3.0.0.0/8 is directly connected, Loopback3
C 4.0.0.0/8 is directly connected, Loopback4

10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, Serial0/0.12
D 10.1.23.0 [90/2681856] via 10.1.12.2, 00:05:13, Serial0/0.12

On R2 






R2#Show ip route eigrp

D* 2.0.0.0/8 [90/2297856] via 10.1.12.1, 00:00:41, Serial0/1.21
D 3.0.0.0/8 [90/2297856] via 10.1.12.1, 00:07:55, Serial0/1.21

Note the asterisk reveals that R2 is using that network as the candidate default.

On R3

R3#Sh ip route eigrp

D* 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:00:23, Serial0/0.32
D 3.0.0.0/8 [90/2809856] via 10.1.23.2, 00:01:39, Serial0/0.32

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/2681856] via 10.1.23.2, 00:01:39, Serial0/0.32

To test the configuration:

On R2

R2#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/26/60 ms

To verify the configuration on R3:

R3#Show ip route eigrp

D* 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:04:24, Serial0/1.32
D 3.0.0.0/8 [90/2809856] via 10.1.23.2, 00:10:39, Serial0/1.32

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/2681856] via 10.1.23.2, 00:10:39, Serial0/1.32

R3#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/32/92 ms






Task 3 

Configure R2 such that R3 does NOT use network 2.0.0.0 /8 as the candidate default; R3
should still have network 2.0.0.0 /8 in its routing table.

On R2

R2(config)#router eigrp 100

R2(config-router)#NO default-information allowed out

R2#Clear ip eigrp neighbor

Note the "NO default-information allowed out" disables the redistribution of default
route, meaning that R3 will no longer use network 2.0.0.0 /8 as its candidate default,
but it will still have that network in its routing table.

To verify the configuration:

On R2

R2#Show ip route eigrp

D* 2.0.0.0/8 [90/2297856] via 10.1.12.1, 00:00:25, Serial0/1.21
D 3.0.0.0/8 [90/2297856] via 10.1.12.1, 00:00:25, Serial0/1.21

On R3

R3#Show ip route eigrp

D 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:01:04, Serial0/1.32
D 3.0.0.0/8 [90/2809856] via 10.1.23.2, 00:01:04, Serial0/1.32

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/2681856] via 10.1.23.2, 00:01:06, Serial0/1.32

To test the configuration:

On R3

R3#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:






Task 4 

Remove the command that was entered in the previous task on R2, and configure R3 to
accomplish the same task; if this configuration is performed correctly, R3 should NOT
use network 2.0.0.0 /8 as the candidate default.

To remove the command from R2:

On R2

R2(config)#router eigrp 100

R2(config-router)#default-information allowed out

R2#Clear ip eigrp neighbor

To verify R2's configuration:

On R2

R2#Sh run | S router eigrp

router eigrp 100
network 10.1.12.2 0.0.0.0
network 10.1.23.2 0.0.0.0
no auto-summary

To verify the configuration on R3:

On R3

R3#Show ip route eigrp

D* 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:00:58, Serial0/1.32
D 3.0.0.0/8 [90/2809856] via 10.1.23.2, 00:00:58, Serial0/1.32

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/2681856] via 10.1.23.2, 00:01:00, Serial0/1.32

Note R3 uses network 2.0.0.0 /8 as candidate default. To configure R3 to
accomplish the same task:

On R3

R3(config)#router eigrp 100

R3(config-router)#NO default-information allowed in

R3#Clear ip eigrp neighbor

Note from R3's perspective it should disable the redistribution of the default
route inbound; therefore, the direction of the command is configured inbound.

Note if R2 enters the "no default-information allowed in", then R3 will not
receive it either.

To test and verify the configuration:

On R3

R3#Show ip route eigrp

D 2.0.0.0/8 [90/2809856] via 10.1.23.2, 00:02:38, Serial0/1.32
D 3.0.0.0/8 [90/2809856] via 10.1.23.2, 00:02:38, Serial0/1.32

10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/2681856] via 10.1.23.2, 00:02:38, Serial0/1.32



Task 5



Reconfigure the routers based on the following topology and IP addressing: 



[Topology diagram: R1 with Lo2-4; routers share segment 10.1.1.0/24]






Lab Setup:

> Configure F0/0 interface of the routers in VLAN 100.
> Use the IP addressing chart below.

IP addressing:

Router   Interface / IP address
R1       F0/0 = 10.1.1.1 /24
         Loopback2 = 2.2.2.2 /8
         Loopback3 = 3.3.3.3 /8
         Loopback4 = 4.4.4.4 /8
R2       F0/0 = 10.1.1.2 /24
R3       F0/0 = 10.1.1.3 /24

Task 6

Configure Eigrp 100 on the routers and advertise their directly connected interfaces in AS
100. R1 should NOT advertise network 4.0.0.0 /8 in this routing protocol.

On R1

R1(config-if)#router eigrp 100
R1(config-router)#no au
R1(config-router)#network 2.0.0.0
R1(config-router)#Network 3.0.0.0
R1(config-router)#Network 10.1.1.1 0.0.0.0

On R2

R2(config)#Router eigrp 100
R2(config-router)#no au
R2(config-router)#network 10.1.1.2 0.0.0.0

On R3

R3(config)#Router eigrp 100
















R3(config-routcr)#no au 
R3(config-routcr)#nctwork 10. 1. 1.3 0.0.0.0 

To verify the configuration 

On R2 

R2#Show ip route eigrp

D 2.0.0.0/8 [90/409600] via 10.1.1.1, 00:15:21, Ethernet0/0
D 3.0.0.0/8 [90/409600] via 10.1.1.1, 00:15:21, Ethernet0/0

On R3

R3#Show ip route eigrp

D 2.0.0.0/8 [90/409600] via 10.1.1.1, 00:15:06, Ethernet0/0
D 3.0.0.0/8 [90/409600] via 10.1.1.1, 00:15:06, Ethernet0/0

Note R1 should not have any Eigrp routes in its routing table.






Task 7 

Configure R1 to advertise Network 2.0.0.0 /8 and Network 3.0.0.0 /8 as candidate default
in this routing domain.






On R1

R1(config)#ip default-network 2.0.0.0
R1(config)#ip default-network 3.0.0.0

To verify the configuration:

On R2

R2#Show ip route eigrp

D* 2.0.0.0/8 [90/409600] via 10.1.1.1, 00:02:55, Ethernet0/0
D* 3.0.0.0/8 [90/409600] via 10.1.1.1, 00:02:52, Ethernet0/0

On R3

R3#Show ip route eigrp

D* 2.0.0.0/8 [90/409600] via 10.1.1.1, 00:03:56, Ethernet0/0
D* 3.0.0.0/8 [90/409600] via 10.1.1.1, 00:03:52, Ethernet0/0

Note both R2 and R3 use networks 2.0.0.0 /8 and 3.0.0.0 /8 as their candidate default.



Task 8

Configure R2 and R3 such that R2 uses network 2.0.0.0 /8 and R3 uses network 3.0.0.0 /8
as their candidate default.



On R2 

To configure this task, an access-list is written to identify the network (Network
2.0.0.0 /8 in this case), then, the access-list is referenced in the "Default-information
allowed in" command, which tells the router that ONLY the network that is
permitted in the access-list should be used as candidate default.

R2(config)#access-list 2 permit 2.0.0.0
R2(config)#router eigrp 100
R2(config-router)#default-information allowed in 2

R2#cle ip eigrp neigh

R2#Show ip route eigrp

D* 2.0.0.0/8 [90/409600] via 10.1.1.1, 00:01:41, FastEthernet0/0
D  3.0.0.0/8 [90/409600] via 10.1.1.1, 00:01:41, FastEthernet0/0

The following shows the configuration of R3:

On R3

R3(config)#access-list 3 permit 3.0.0.0
R3(config)#Router eigrp 100
R3(config-router)#default-information allowed in 3

R3#Cle ip eigrp neighbor

To verify the configuration:

On R3

R3#Show ip route eigrp

D  2.0.0.0/8 [90/409600] via 10.1.1.1, 00:01:01, Ethernet0/0
D* 3.0.0.0/8 [90/409600] via 10.1.1.1, 00:01:01, Ethernet0/0

To test the configuration:

On R2

R2#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/11/24 ms

On R3

R3#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/24 ms



Task 9 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 4 - Eigrp Filtering 



[Topology diagram: R1 and R2 connected over F0/1 on 10.1.12.0/24; R2, R3 and R4 connected over F0/0 on 10.1.234.0/24; loopbacks Lo0-2]





Lab Setup:

• Configure the F0/1 interface of R1 and R2 in VLAN 12

• Configure the F0/0 interface of R2, R3 and R4 in VLAN 234

• Use the following IP addressing chart for IP assignment:

IP Addressing chart:

Router    Interface / IP address
R1        F0/1 = 10.1.12.1 /24
          Lo0 = 1.1.1.1 /8
          Lo1 = 11.1.1.1 /8
          Lo2 = 111.1.1.1 /8
R2        F0/1 = 10.1.12.2 /24
          F0/0 = 10.1.234.2 /24
          Lo0 = 2.2.2.2 /8
          Lo1 = 200.1.1.1 /24
          Lo2 = 200.2.2.2 /24
R3        F0/0 = 10.1.234.3 /24
          Lo0 = 3.3.3.3 /8
          Lo1 = 200.1.1.1 /24
          Lo2 = 200.2.2.2 /24
R4        F0/0 = 10.1.234.4 /24



Task 1 

Configure EIGRP 100 on all routers and advertise their directly connected links. You
should disable auto summarization on these routers.



On R1

R1(config)#router eigrp 100
R1(config-router)#network 1.1.1.1 0.0.0.0
R1(config-router)#network 10.1.12.1 0.0.0.0
R1(config-router)#network 11.1.1.1 0.0.0.0
R1(config-router)#network 111.1.1.1 0.0.0.0
R1(config-router)#no auto-summary

On R2

R2(config)#router eigrp 100
R2(config-router)#network 10.1.12.2 0.0.0.0
R2(config-router)#network 10.1.234.2 0.0.0.0
R2(config-router)#network 200.1.1.1 0.0.0.0
R2(config-router)#network 200.2.2.2 0.0.0.0
R2(config-router)#network 2.2.2.2 0.0.0.0
R2(config-router)#no auto-summary

On R3

R3(config)#router eigrp 100
R3(config-router)#network 10.1.234.3 0.0.0.0
R3(config-router)#network 200.1.1.1 0.0.0.0
R3(config-router)#network 200.2.2.2 0.0.0.0
R3(config-router)#network 3.3.3.3 0.0.0.0
R3(config-router)#no auto-summary

On R4

R4(config)#router eigrp 100
R4(config-router)#network 10.1.234.4 0.0.0.0
R4(config-router)#no auto-summary

To verify the configuration:

On R4

R4#Show ip route Eigrp

D 1.0.0.0/8 [90/158720] via 10.1.234.2, 00:00:17, FastEthernet0/0
D 2.0.0.0/8 [90/156160] via 10.1.234.2, 00:00:17, FastEthernet0/0
D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:00:17, FastEthernet0/0
D 200.1.1.0/24 [90/156160] via 10.1.234.3, 00:00:17, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:00:17, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:00:17, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:00:17, FastEthernet0/0
D 111.0.0.0/8 [90/158720] via 10.1.234.2, 00:00:17, FastEthernet0/0
  10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:00:17, FastEthernet0/0
D 11.0.0.0/8 [90/158720] via 10.1.234.2, 00:00:17, FastEthernet0/0



Task 2 

Configure R4 such that it filters existing (1.0.0.0/8, 11.0.0.0/8 and 111.0.0.0/8) and future
network behind R1. DO NOT use "distribute-list" or "route-map" to accomplish this task.



By default, Eigrp will discard routes that have a hop count of 101 or more. This
behavior can be utilized to accomplish this task, as follows:

On R4

R4#Sh ip eigrp topology 11.0.0.0 255.0.0.0 | Inc Hop

Hop count is 2

R4#Sh ip eigrp topology 1.0.0.0 255.0.0.0 | Inc Hop

Hop count is 2

R4#Sh ip eigrp topology 111.0.0.0 255.0.0.0 | Inc Hop

Hop count is 2

Note the routes behind R1 have a hop count of 2, whereas, the other routes advertised
in this topology have a hop count of 1:

R4#Sh ip eigrp topology 2.0.0.0 255.0.0.0 | Inc Hop

Hop count is 1

R4#Sh ip eigrp topology 3.0.0.0 255.0.0.0 | Inc Hop

Hop count is 1

Therefore, we should reject routes that have a hop count greater than 1:

On R4

R4(config)#router eigrp 100
R4(config-router)#metric maximum-hops 1

Note when the above command is entered, the following message should be received,
this is because the policy for Eigrp is changed from 100 (Default hop count) to ONLY
1:

%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.1.234.2 (FastEthernet0/0) is
down: Max hopcount changed
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.1.234.3 (FastEthernet0/0) is
down: Max hopcount changed
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.1.234.2 (FastEthernet0/0) is up:
new adjacency
%DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.1.234.3 (FastEthernet0/0) is up:
new adjacency

To verify the configuration: 

On R4 

R4#Show ip route eigrp

D 2.0.0.0/8 [90/156160] via 10.1.234.2, 00:01:48, FastEthernet0/0
D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:01:48, FastEthernet0/0
D 200.1.1.0/24 [90/156160] via 10.1.234.3, 00:01:48, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:01:48, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:01:48, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:01:48, FastEthernet0/0
  10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:01:48, FastEthernet0/0



Task 3 

Configure R4 such that it ONLY takes R2 to reach Network 200.1.1.0 /24.



On R4

Note in this case an extended access-list can be used to filter a prefix from a given
route-source: in the following extended access-list, the source address in the ACL
references the advertising neighbor, whereas, the destination address in the ACL
references the actual Network:

R4(config)#access-list 100 deny ip host 10.1.234.3 host 200.1.1.0
R4(config)#access-list 100 permit ip any any

R4(config)#router eigrp 100
R4(config-router)#distribute-list 100 in F0/0

To verify the configuration:

On R4

R4#Sh ip route eigrp

D 2.0.0.0/8 [90/156160] via 10.1.234.2, 00:01:20, FastEthernet0/0
D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:01:20, FastEthernet0/0
D 200.1.1.0/24 [90/156160] via 10.1.234.2, 00:01:20, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:01:20, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:01:20, FastEthernet0/0
  10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:01:20, FastEthernet0/0



Task 4 

Re-configure the solution in task 3 such that if R2 is down R4 can reach network
200.1.1.0 /24 through R3.



In this case the distance can be manipulated to accomplish this task, as follows:

To remove the commands from the previous step:

R4(config)#router eigrp 100
R4(config-router)#No distribute-list 100 in F0/0

R4(config)#No access-list 100

The next step is to configure the new policy:

Step 1:

Configure an access-list to identify the network:

R4(config)#access-list 1 permit 200.1.1.0 0.0.0.255

Step 2:

Utilizing the distance command, the AD for network 200.1.1.0 /24 ONLY through R3
is set higher than the default AD of 90:

R4(config-router)#distance 91 10.1.234.3 0.0.0.0 1

The above command sets the AD to 91 through R3 for networks identified in
access-list 1. The following command resets the neighbors (this is done to speed up the
process; on some IOS versions, it is done automatically):

R4#Cle ip eigrp neighbor

To verify the configuration:

On R4

R4#Sh ip route eigrp

D 2.0.0.0/8 [90/156160] via 10.1.234.2, 00:00:12, FastEthernet0/0
D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:00:12, FastEthernet0/0
D 200.1.1.0/24 [90/156160] via 10.1.234.2, 00:00:12, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:00:12, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:00:12, FastEthernet0/0
  10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:00:12, FastEthernet0/0

To test the configuration:

On R2

R2(config)#int lo1
R2(config-if)#Shut

To verify the test:

On R4

R4#Sh ip route eigrp

D 2.0.0.0/8 [90/156160] via 10.1.234.2, 00:01:05, FastEthernet0/0
D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:01:05, FastEthernet0/0
D 200.1.1.0/24 [91/156160] via 10.1.234.3, 00:00:08, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:01:05, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:01:05, FastEthernet0/0
  10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:01:05, FastEthernet0/0



Task 5

Filter network 2.0.0.0/8 on R4; DO NOT use the "distribute-list" command to accomplish
this task.



Once again the distance command can be used to accomplish this task, the 
difference between the solution used in this task and the solution used in the 
previous task is that the AD is set to a value that is unreachable (255). 

On R4

R4(config)#access-list 2 permit 2.0.0.0

R4(config)#router eigrp 100
R4(config-router)#distance 255 10.1.234.2 0.0.0.0 2

To verify the configuration:

On R4

R4#Show ip route eigrp

D 3.0.0.0/8 [90/156160] via 10.1.234.3, 00:02:16, FastEthernet0/0
D 200.1.1.0/24 [90/156160] via 10.1.234.2, 00:02:16, FastEthernet0/0
D 200.2.2.0/24 [90/156160] via 10.1.234.3, 00:02:16, FastEthernet0/0
               [90/156160] via 10.1.234.2, 00:02:16, FastEthernet0/0
  10.0.0.0/24 is subnetted, 2 subnets
D 10.1.12.0 [90/30720] via 10.1.234.2, 00:02:16, FastEthernet0/0
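
The effect of the two "distance" statements from Tasks 4 and 5, modeled in Python as an added example (not code from the workbook). It is a simplified model of route installation that reproduces the route tables shown above; the class and function names are assumptions, and the route list is constructed from the lab's "show ip route eigrp" output.

```python
import ipaddress
from dataclasses import dataclass

DEFAULT_EIGRP_AD = 90    # AD of internal EIGRP routes, as in the lab output
UNREACHABLE_AD = 255     # a route given this AD is never installed


@dataclass(frozen=True)
class Route:
    prefix: str      # advertised network, e.g. "200.1.1.0/24"
    neighbor: str    # address of the advertising neighbor
    metric: int


@dataclass(frozen=True)
class DistanceRule:
    """One 'distance <ad> <source> <wildcard> <acl>' statement."""
    ad: int
    source: str
    wildcard: str
    acl: tuple       # permit entries of the standard ACL: (network, wildcard)


def wildcard_match(addr, base, wildcard):
    """IOS-style match: bits set in the wildcard are ignored."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def admin_distance(route, rules):
    """Return the AD the first matching rule assigns, else the default."""
    network = str(ipaddress.ip_network(route.prefix).network_address)
    for rule in rules:
        if not wildcard_match(route.neighbor, rule.source, rule.wildcard):
            continue
        # A prefix the ACL does not permit hits its implicit deny,
        # so the rule does not apply to that prefix.
        if any(wildcard_match(network, net, wc) for net, wc in rule.acl):
            return rule.ad
    return DEFAULT_EIGRP_AD


def build_rib(routes, rules):
    """Map prefix -> (AD, [next hops]) for the routes that get installed."""
    candidates = {}
    for r in routes:
        ad = admin_distance(r, rules)
        if ad >= UNREACHABLE_AD:
            continue                      # Task 5: AD 255 filters the route
        candidates.setdefault(r.prefix, []).append((ad, r.metric, r.neighbor))
    rib = {}
    for prefix, cands in candidates.items():
        best_ad, best_metric, _ = min(cands)
        hops = sorted(n for ad, m, n in cands
                      if (ad, m) == (best_ad, best_metric))
        rib[prefix] = (best_ad, hops)
    return rib


# Constructed from R4's route table in this lab (after Task 2).
R2, R3 = "10.1.234.2", "10.1.234.3"
ROUTES = [
    Route("2.0.0.0/8", R2, 156160),
    Route("3.0.0.0/8", R3, 156160),
    Route("200.1.1.0/24", R2, 156160),
    Route("200.1.1.0/24", R3, 156160),
    Route("200.2.2.0/24", R2, 156160),
    Route("200.2.2.0/24", R3, 156160),
    Route("10.1.12.0/24", R2, 30720),
]
# Task 4: access-list 1 permit 200.1.1.0 0.0.0.255 / distance 91 10.1.234.3 0.0.0.0 1
TASK4_RULE = DistanceRule(91, R3, "0.0.0.0", (("200.1.1.0", "0.0.0.255"),))
# Task 5: access-list 2 permit 2.0.0.0 / distance 255 10.1.234.2 0.0.0.0 2
TASK5_RULE = DistanceRule(255, R2, "0.0.0.0", (("2.0.0.0", "0.0.0.0"),))


def r2_loopback1_down(routes):
    """Routes left after R2 shuts Lo1 and withdraws 200.1.1.0/24."""
    return [r for r in routes
            if not (r.prefix == "200.1.1.0/24" and r.neighbor == R2)]


if __name__ == "__main__":
    for label, routes, rules in [
        ("Task 4", ROUTES, [TASK4_RULE]),
        ("Task 4, R2 Lo1 shut", r2_loopback1_down(ROUTES), [TASK4_RULE]),
        ("Task 5", ROUTES, [TASK4_RULE, TASK5_RULE]),
    ]:
        print(label, build_rib(routes, rules))
```
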



Task 6 

Erase the startup config and reload the routers before proceeding to the next task.






OSPF 






Lab 1 - Advertising Networks 



[Topology diagram: Area 0]




Lab Setup:

• Configure the frame-relay connection using the S0/0 interface

• Configure the F0/0 interface of R2 and R3 in VLAN 23

• Use the following IP addressing chart for IP address assignment

IP addressing:

Router    Interface / IP addressing
R1        S0/0 = 10.1.12.1 /24
          Lo0 = 1.1.1.1 /8
R2        S0/0 = 10.1.12.2 /24
          F0/0 = 10.1.23.2 /24
                 10.2.2.2 /24 Secondary
          Lo0 = 2.2.2.2 /8
R3        F0/0 = 10.1.23.3 /24
                 10.3.3.3 /24 Secondary
          Lo0 = 3.3.3.3 /8



Task 1

Configure OSPF on these routers and run every interface (this includes the secondary
interfaces) of these routers in Area 0; do not use "Network" command to accomplish this
task. The loopback interfaces should be advertised with their correct mask. There should
NOT be a DR election on the Frame-relay network; do NOT use Point-to-Multipoint
network type.



On R1

R1(config)#int S0/0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#ip ospf 1 area 0

R1(config)#int lo0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#ip ospf 1 area 0

On R2

R2(config)#int Lo0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#ip ospf 1 area 0

R2(config)#int F0/0
R2(config-if)#ip ospf 1 area 0

R2(config)#int S0/0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#ip ospf 1 area 0

On R3

R3(config)#int Lo0
R3(config-if)#ip ospf 1 area 0
R3(config-if)#ip ospf network point-to-point

R3(config)#int F0/0
R3(config-if)#ip ospf 1 area 0

To verify the configuration:

On R1

R1#Show ip route ospf | Inc O

O 2.0.0.0/8 [110/65] via 10.1.12.2, 00:05:58, Serial0/0
O 3.0.0.0/8 [110/75] via 10.1.12.2, 00:05:58, Serial0/0
O 10.3.3.0 [110/84] via 10.1.12.2, 00:05:58, Serial0/0
O 10.2.2.0 [110/74] via 10.1.12.2, 00:05:58, Serial0/0
O 10.1.23.0 [110/74] via 10.1.12.2, 00:05:58, Serial0/0

Note the secondary IP addresses are also advertised.






Task 2 

Configure R2 and R3 such that the secondary IP addresses are NOT advertised; do NOT
use Access-list, Prefix-lists or filtering of any type and minimum number of commands
should be used to accomplish this task.






On R2 and R3

R2(config)#int F0/0
R2(config-if)#ip ospf 1 area 0 secondaries none

To verify the configuration:

On R1

R1#Show ip route ospf | Inc O

O 2.0.0.0/8 [110/65] via 10.1.12.2, 00:01:00, Serial0/0
O 3.0.0.0/8 [110/75] via 10.1.12.2, 00:01:00, Serial0/0
O 10.1.23.0 [110/74] via 10.1.12.2, 00:01:00, Serial0/0

Note the secondary prefixes are no longer advertised.



Task 3

Erase the startup configuration and reload the routers before proceeding to the next lab.



Lab 2 - Optimization of OSPF and Adjusting Timers



[Topology diagram: Area 0]




Lab Setup:

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> R1 and R2, R3 and R4 should be configured in a frame-relay point-to-point
manner.

IP Addressing

Router    Interface        IP address
R1        Lo0              1.1.1.1 /8
          F/R interface    10.1.12.1 /24
R2        Lo0              2.2.2.2 /8
          F/R interface    10.1.12.2 /24
          F0/0             10.1.23.2 /24
R3        Lo0              3.3.3.3 /8
          F/R interface    10.1.34.3 /24
          F0/0             10.1.23.3 /24
R4        Lo0              4.4.4.4 /8
          F/R interface    10.1.34.4 /24



Task 1 

Configure OSPF on all routers and advertise their directly connected networks in area 0. 



On R4

R4(config)#Router ospf 1
R4(config-router)#net 0.0.0.0 0.0.0.0 are 0

On R3

R3(config-if)#Router ospf 1
R3(config-router)#network 0.0.0.0 0.0.0.0 are 0

On R2

R2(config-if)#Router ospf 1
R2(config-router)#netw 0.0.0.0 0.0.0.0 are 0

On R1

R1(config-if)#Router ospf 1
R1(config-router)#netw 0.0.0.0 0.0.0.0 are 0

To verify the configuration:

On R1

R1#Show ip route ospf

  2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:00:04, Serial0/0.12
  3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/66] via 10.1.12.2, 00:00:04, Serial0/0.12
  4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/130] via 10.1.12.2, 00:00:04, Serial0/0.12
  10.0.0.0/24 is subnetted, 3 subnets
O 10.1.23.0 [110/65] via 10.1.12.2, 00:00:04, Serial0/0.12
O 10.1.34.0 [110/129] via 10.1.12.2, 00:00:04, Serial0/0.12





Task 2 

R4 is getting flooded with LSA type 6 packets; ensure that R4 does not generate a syslog 
message for these packets. 






Cisco routers do NOT support LSA type 6 packets and each time an OSPF router
receives an MOSPF (LSA type 6) packet it sends a syslog message. If the routers
receive many LSA type 6 packets they will generate a large number of syslog
messages. This feature should be disabled to prevent this from occurring.

On R4

R4(config)#router ospf 1
R4(config-router)#ignore lsa mospf






Task 3 

To ensure fast detection of a neighbor being down, configure R2 and R3 to send their
hellos four times a second with a hold time of one second.



On R2

R2(config)#int f0/0
R2(config-if)#ip ospf dead-interval minimal hello-multiplier 4

On R3

R3(config-if)#int f0/0
R3(config-if)#ip ospf dead-interval minimal hello-multiplier 4

The dead interval is advertised in OSPF hello packets. The values of this parameter
must be the same for two routers in order for them to form a neighbor adjacency.
By specifying the "minimal" and "hello-multiplier" keywords with a multiplier
value, you are enabling OSPF fast hello packets. The "minimal" keyword sets the
dead interval to 1 second and the "hello-multiplier" value sets the number of hello
packets sent during that 1 second.



Task 4 

Ensure that these routers lookup DNS names for use in all OSPF show commands; test
this task to ensure proper operation. Since there are no DNS servers in this lab you should
use the routers for that purpose.



To test the OSPF "Show" commands before implementing this feature, enter the
following:

Show ip ospf database router

  OSPF Router with ID (1.1.1.1) (Process ID 1)

  Router Link States (Area 0)

  LS age: 1575
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 1.1.1.1
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000002
  Checksum: 0x1D3F
  Length: 60
  Number of Links: 3

Note the router-id is displayed.

On All Routers

(config)#ip ospf name-lookup

(config)#ip host R1 1.1.1.1
(config)#ip host R2 2.2.2.2
(config)#ip host R3 3.3.3.3
(config)#ip host R4 4.4.4.4

Show ip ospf database router

  OSPF Router with ID (1.1.1.1) (Process ID 1)

  Router Link States (Area 0)

  LS age: 1651
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 1.1.1.1
  Advertising Router: R1
  LS Seq Number: 80000002
  Checksum: 0x1D3F
  Length: 60
  Number of Links: 3

Note the change, it's replaced by the name configured in the "IP host" command.






Task 5 

Configure R2 such that if it does not receive an acknowledgment from R3 for a given
LSA, it waits for 10 seconds before it resends that given LSA.








On R2

R2(config)#int f0/0
R2(config-if)#ip ospf retransmit-interval 10

When an OSPF enabled router sends an LSA to its neighbor, it keeps the LSA until
it receives an ACK from that given neighbor. If the retransmission timer expires
and the router receives no ACKs, the router will resend that LSA. The default timer
is set to 5 seconds, and the range is 1 - 65535.






Task 6 

Configure R2 such that it limits the number of non-self generated LSAs that an OSPF 
routing process can keep in the OSPF LSDB to 900. 






On R2

R2(config-if)#router ospf 1
R2(config-router)#max-lsa 900

By default the number of non-self-generated LSAs that an OSPF routing process
can keep in the database is not limited. To limit this number, we can use the
"max-lsa" command in the router configuration mode. This command contains the
following fields:

Max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time
minutes] [ignore-count count-number] [reset-time minutes]

> Maximum-number - The maximum number of non-self-generated LSAs that an
OSPF router can keep in the OSPF database.

> Threshold-percentage - The percentage of the maximum LSA number, as
specified by the maximum-number, at which a warning message is logged. The
default is 75.

> Warning-only - This specifies that only a warning message is sent when the
maximum limit for LSAs is exceeded.

> Ignore-time minutes - This value specifies the time, in minutes, to ignore all
neighbors after the maximum limit of LSAs has been exceeded. The default is 5
minutes.

> Ignore-count count-number - Specifies the number of times the OSPF process
can consecutively be placed into the ignore state. The default is 5 times. The
router can not exceed this number.

> Reset-time minutes - This value specifies the time, in minutes, after which the
ignore count is reset to zero. The default is 10 minutes.






Task 7

R3 and R4 should exchange hellos every 15 seconds with a dead interval of 60 seconds.
Do NOT use ip ospf dead-interval to accomplish this task.






On R3

R3(config-router)#Int S0/0.34
R3(config-subif)#ip ospf hello-interval 15

On R4

R4(config-router)#Int S0/0.43
R4(config-subif)#ip ospf hello-interval 15

Once the hello-interval is set, OSPF process will set the dead-interval to be four
times the hello-interval. The default value for the hello timer is as follows:

> On Ethernet segment it's set to 10 seconds.

> On Non-broadcast networks, it's set to 30 seconds.

To verify the configuration:

On R4

R4#Show ip ospf int S0/0.43

Serial0/0.43 is up, line protocol is up
  Internet Address 10.1.34.4/24, Area 0
  Process ID 1, Router ID 4.4.4.4, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 15, Dead 60, Wait 60, Retransmit 5
    oob-resync timeout 60
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
(The rest of the output is omitted)



Task 9 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 3 - OSPF Authentication 



Lab Setup: 



[Topology diagram: Area 0]

Configure all frame-relay connections in a point-to-point manner.
Use the IP addressing scheme below for IP addressing assignment.



IP Addressing scheme:

Routers   Interface / IP Address        Connecting to:
R1        S0/0.12 - 10.1.12.1 /24       R2
          Loopback0 - 1.1.1.1 /24
R2        S0/0.21 - 10.1.12.2 /24       R1
          S0/0.23 - 10.1.23.2 /24       R3
          Loopback0 - 2.2.2.2 /24
R3        S0/0.32 - 10.1.23.3 /24       R2
          S0/0.34 - 10.1.34.3 /24       R4
          Loopback0 - 3.3.3.3 /24
R4        S0/0.43 - 10.1.34.4 /24       R3
          S0/0.45 - 10.1.45.4 /24       R5
          Loopback0 - 4.4.4.4 /24
R5        S0/0.54 - 10.1.45.5 /24       R4
          Loopback0 - 5.5.5.5 /24



Task 1

Configure the frame-relay interfaces and the loopback interfaces of all routers in area 0,
and ensure that the loopback interfaces are advertised with their correct mask. The
router-id of the routers in this area should be based on their loopback interfaces' IP address.



On R1

R1(config-fr-dlci)#int lo0
R1(config-if)#ip ospf net point-to-point

R1(config)#Router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#netw 1.1.1.1 0.0.0.0 are 0
R1(config-router)#netw 10.1.12.1 0.0.0.0 are 0

On R2

R2(config)#int lo0
R2(config-if)#ip ospf network point-to-point

R2(config-if)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.12.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.23.2 0.0.0.0 area 0

On R3

R3(config)#int lo0
R3(config-if)#ip ospf network point-to-point

R3(config-if)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.23.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.34.3 0.0.0.0 area 0

On R4

R4(config)#int lo0
R4(config-if)#ip ospf network point-to-point

R4(config-if)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0
R4(config-router)#netw 10.1.45.4 0.0.0.0 area 0
R4(config-router)#netw 10.1.34.4 0.0.0.0 area 0

On R5

R5(config)#int lo0
R5(config-if)#ip ospf network point-to-point

R5(config-if)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#netw 10.1.45.5 0.0.0.0 area 0
R5(config-router)#netw 5.5.5.5 0.0.0.0 area 0

To verify the configuration:

On R1

R1#Show ip route ospf | Inc O

O 2.2.2.0 [110/65] via 10.1.12.2, 00:00:21, Serial0/0.12
O 3.3.3.0 [110/129] via 10.1.12.2, 00:00:21, Serial0/0.12
O 4.4.4.0 [110/193] via 10.1.12.2, 00:00:21, Serial0/0.12
O 5.5.5.0 [110/257] via 10.1.12.2, 00:00:10, Serial0/0.12
O 10.1.23.0 [110/128] via 10.1.12.2, 00:00:21, Serial0/0.12
O 10.1.45.0 [110/256] via 10.1.12.2, 00:00:21, Serial0/0.12
O 10.1.34.0 [110/192] via 10.1.12.2, 00:00:21, Serial0/0.12



Task 2 

Configure plain text authentication on all the Frame-relay links in this area. You should
use a sub-router configuration command as part of the solution to this task. Use "Cisco"
as the password for this authentication.



OSPF supports two types of authentication, plain text (64 bit password) and MD5
(which consists of a key ID and 128 bit password). In OSPF, authentication must
be enabled and then applied.

In OSPF, enabling authentication can be configured in two different ways: one way 
to enable OSPF authentication is to configure it in the router configuration mode, in 
which case authentication is enabled globally on all OSPF enabled interfaces in the 
specified area. The second way to enable authentication is to configure it directly on 
the interface for which authentication is required. 

On Rl 



Rl(config)#routcrospf I 

Rl (config-routcr)n i arca authentication 

Rl (config-routcr)#int SO/0. 12 

R 1 (c o n fig-s ub if )#i p o sp f au then tic at io n -key C isco 

On R2 

R2 (c o n fig)#ro u t cr o sp f 1 
R2(config-router)#arca authentication 

R 2 1 c o n fig-ro u tcr)#in t SO/0 . 2 1 
R2(config-subif)#ip ospf authenticat ion-key Cisco 

R2i;config-sLibif)#int SO/0.23 

R2 (con fig-s ub if)#ip ospf aut hen tkat ion -key Cisco 



CCIE R&!s by Narhlk kuchariaiw \d\ anted CCIE R&S Work Book 2.11 Page 471 of 1068 

C 2009 Xarbik. Kuclmriini. All rijjhU raervetl 



To verify the configuration: 

On R2 

R2f*Show ip ospf interface SO/0.21 

ScrialO/0.21 is up, line protocol is up 
Internet Address 10. 1. 12.2 24 , Area 
Process ID L Routei ID 2.2.2.2, Network Type P01M_TO_P01NT, Cost: 64 

Transmit Delay is 1 sec, State POINT_TO_POINT, 

Timer intervals configu red , Hello 1(1. Dead 40. Wait 40, Retransmit 5 

oob-rcsync timeout 40 

Hello due in 00:00:06 
Supports Link -local Signaling (LLS) 
Index 2''2, flood queue length 
Next 0x0(0)/ 0x0(0) 

Last Hood scan length is 1, maximum is 1 
Last flood scan time is msec, maximum is 4 msec 
Neighbor Count is i, Adjacent neighbor count is 1 

Adjacent with neighbor 1 . 1. 1 . 1 
Suppress hello for neighbor! s) 
Simple password authentication enabled 

Note the output of the above "Slum'" command verifies that a simple password 
authentication is enabled and applied to this interlace. 

R2#Show ip ospf neighbor 

Neighbor ID Pri State Dead Time Address Interface 

I.I. 1.1 FULL/ - (11:00:30 10.1.12.1 ScrialO 0.2 I 

R2#Show ip route ospf Inc C) 

1 . 1 . 1 .0 [ 1 10/65 J via 10.1. 12. 1 , 00:05:00, ScrialO 0. 2 1 

On R3 

R3(config)#routcrospf I 

R3 (con fig-router)* area D authentication 

R3(config)#intS0,'u\32 

R3(config-subif)#ip ospf authentication-key Cisco 

Rjjgcmfjggkj SO/0.34 



CCIE R&S b) Narblk KuL-harLuiw Advanced COE R&S Work Book 2.11 Pqge 472 of 1068 

£ 2009 Narbik Kucha rian». All rijhu raervwl 



R3(config-subif)#ip ospf authentication-key Cisco

To verify the configuration:

On R3

R3#Show ip route ospf | Inc O

O       1.1.1.0 [110/129] via 10.1.23.2, 00:01:36, Serial0/0.32
O       2.2.2.0 [110/65] via 10.1.23.2, 00:01:36, Serial0/0.32
O       10.1.12.0 [110/128] via 10.1.23.2, 00:01:36, Serial0/0.32

On R4

R4(config)#int S0/0.43

R4(config-subif)#ip ospf authentication-key Cisco

R4(config-subif)#int S0/0.45

R4(config-subif)#ip ospf authentication-key Cisco

R4(config-subif)#router ospf 1
R4(config-router)#area 0 authentication

To verify the configuration:

On R4

R4#Show ip route ospf | Inc O

O       1.1.1.0 [110/193] via 10.1.34.3, 00:00:21, Serial0/0.43
O       2.2.2.0 [110/129] via 10.1.34.3, 00:00:21, Serial0/0.43
O       3.3.3.0 [110/65] via 10.1.34.3, 00:00:21, Serial0/0.43
O       10.1.12.0 [110/192] via 10.1.34.3, 00:00:21, Serial0/0.43
O       10.1.23.0 [110/128] via 10.1.34.3, 00:00:21, Serial0/0.43

On R5

R5(config)#Router ospf 1
R5(config-router)#area 0 authentication

R5(config-router)#int S0/0.54

R5(config-subif)#ip ospf authentication-key Cisco














To verify the configuration:

On R5

R5#Show ip route ospf | Inc O

O       1.1.1.0 [110/257] via 10.1.45.4, 00:00:44, Serial0/0.54
O       2.2.2.0 [110/193] via 10.1.45.4, 00:00:44, Serial0/0.54
O       3.3.3.0 [110/129] via 10.1.45.4, 00:00:44, Serial0/0.54
O       4.4.4.0 [110/65] via 10.1.45.4, 00:00:44, Serial0/0.54
O       10.1.12.0 [110/256] via 10.1.45.4, 00:00:44, Serial0/0.54
O       10.1.23.0 [110/192] via 10.1.45.4, 00:00:44, Serial0/0.54
O       10.1.34.0 [110/128] via 10.1.45.4, 00:00:44, Serial0/0.54






Task 3 

Remove the authentication configuration from the previous task and ensure that every
router sees every route advertised in area 0.






On All Routers 

(config)#router ospf 1
(config-router)#NO area 0 authentication

On R1

R1(config)#int S0/0.12

R1(config-subif)#NO ip ospf authentication-key Cisco

On R2

R2(config-subif)#int S0/0.21

R2(config-subif)#NO ip ospf authentication-key Cisco

R2(config-subif)#int S0/0.23

R2(config-subif)#NO ip ospf authentication-key Cisco

On R3

R3(config-router)#int S0/0.32







R3(config-subif)#NO ip ospf authentication-key Cisco 

R3(config-subif)#int S0/0.34

R3(config-subif)#NO ip ospf authentication-key Cisco

On R4

R4(config)#int S0/0.43

R4(config-subif)#NO ip ospf authentication-key Cisco

R4(config-subif)#int S0/0.45

R4(config-subif)#NO ip ospf authentication-key Cisco

On R5

R5(config)#int S0/0.54

R5(config-subif)#NO ip ospf authentication-key Cisco



To verify the configuration: 



On R1

R1#Show ip route ospf | Inc O

O       2.2.2.0 [110/65] via 10.1.12.2, 00:00:10, Serial0/0.12
O       3.3.3.0 [110/129] via 10.1.12.2, 00:00:10, Serial0/0.12
O       4.4.4.0 [110/193] via 10.1.12.2, 00:00:10, Serial0/0.12
O       5.5.5.0 [110/257] via 10.1.12.2, 00:00:10, Serial0/0.12
O       10.1.23.0 [110/128] via 10.1.12.2, 00:00:10, Serial0/0.12
O       10.1.45.0 [110/256] via 10.1.12.2, 00:00:10, Serial0/0.12
O       10.1.34.0 [110/192] via 10.1.12.2, 00:00:10, Serial0/0.12



Task 4 

Configure MD5 authentication on all the Frame-relay links in this area. You should use a 
sub-router configuration command as part of the solution to this task. Use "Cisco" as the 
password for this authentication. 



The following command enables MD5 authentication on the routers using the router
configuration mode:






On All Routers

(config)#router ospf 1

(config-router)#area 0 authentication message-digest

On R1

R1(config-router)#int S0/0.12

R1(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

On R2

R2(config-router)#int S0/0.21

R2(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

R2(config-subif)#int S0/0.23

R2(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

To verify the configuration: 

On R2

R2#Show ip ospf interface S0/0.21

Serial0/0.21 is up, line protocol is up
  Internet Address 10.1.12.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 2
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

Note the output of the above "Show" command reveals that MD5 authentication is
enabled and applied and that key 1 is in use.






R2#Show ip route ospf

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.1.12.1, 00:01:50, Serial0/0.21


On R3 




R3(config)#int S0/0.32

R3(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

R3(config-subif)#int S0/0.34
R3(config-subif)#ip ospf message-digest-key 1 MD5 Cisco


To verify the configuration:

On R3

R3#Show ip route ospf | Inc O

O       1.1.1.0 [110/129] via 10.1.23.2, 00:00:11, Serial0/0.32
O       2.2.2.0 [110/65] via 10.1.23.2, 00:00:11, Serial0/0.32
O       10.1.12.0 [110/128] via 10.1.23.2, 00:00:11, Serial0/0.32


On R4 




R4(config)#int S0/0.45

R4(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

R4(config-subif)#int S0/0.43

R4(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

To verify the configuration:

On R4

R4#Show ip route ospf | Inc O

O       1.1.1.0 [110/193] via 10.1.34.3, 00:00:21, Serial0/0.43
O       2.2.2.0 [110/129] via 10.1.34.3, 00:00:21, Serial0/0.43
O       3.3.3.0 [110/65] via 10.1.34.3, 00:00:21, Serial0/0.43
O       10.1.12.0 [110/192] via 10.1.34.3, 00:00:21, Serial0/0.43
O       10.1.23.0 [110/128] via 10.1.34.3, 00:00:21, Serial0/0.43














On R5 

R5(config)#int S0/0.54

R5(config-subif)#ip ospf message-digest-key 1 MD5 Cisco

To verify the configuration:

On R5

R5#Show ip route ospf | Inc O

O       1.1.1.0 [110/257] via 10.1.45.4, 00:00:42, Serial0/0.54
O       2.2.2.0 [110/193] via 10.1.45.4, 00:00:42, Serial0/0.54
O       3.3.3.0 [110/129] via 10.1.45.4, 00:00:42, Serial0/0.54
O       4.4.4.0 [110/65] via 10.1.45.4, 00:00:42, Serial0/0.54
O       10.1.12.0 [110/256] via 10.1.45.4, 00:00:42, Serial0/0.54
O       10.1.23.0 [110/192] via 10.1.45.4, 00:00:42, Serial0/0.54
O       10.1.34.0 [110/128] via 10.1.45.4, 00:00:42, Serial0/0.54






Task 5 

Remove the authentication configuration from the previous task and ensure that every 
router sees every route advertised in area 0. 






On All Routers: 

(config)#router ospf 1

(config-router)#NO area 0 authentication message-digest

On R1

R1(config-router)#int S0/0.12

R1(config-if)#NO ip ospf message-digest-key 1 MD5 Cisco

On R2

R2(config)#int S0/0.21

R2(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

R2(config-subif)#int S0/0.23







R2(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

On R3

R3(config)#int S0/0.32

R3(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

R3(config-subif)#int S0/0.34

R3(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

On R4

R4(config)#int S0/0.43

R4(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

R4(config-subif)#int S0/0.45

R4(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

On R5

R5(config)#int S0/0.54

R5(config-subif)#NO ip ospf message-digest-key 1 MD5 Cisco

To verify the configuration:

On R5

R5#Show ip route ospf | Inc O

O       1.1.1.0 [110/257] via 10.1.45.4, 00:09:13, Serial0/0.54
O       2.2.2.0 [110/193] via 10.1.45.4, 00:09:13, Serial0/0.54
O       3.3.3.0 [110/129] via 10.1.45.4, 00:09:13, Serial0/0.54
O       4.4.4.0 [110/65] via 10.1.45.4, 00:09:13, Serial0/0.54
O       10.1.12.0 [110/256] via 10.1.45.4, 00:09:13, Serial0/0.54
O       10.1.23.0 [110/192] via 10.1.45.4, 00:09:13, Serial0/0.54
O       10.1.34.0 [110/128] via 10.1.45.4, 00:09:13, Serial0/0.54

R5#Show run | S router ospf 1

router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 network 5.5.5.5 0.0.0.0 area 0
 network 10.1.45.5 0.0.0.0 area 0






Task 6 

Configure MD5 authentication on the Frame-relay link connecting R1 to R2. You should
use a router configuration command as part of the solution to this task. The password
should be "ccie".



On Both Routers: 

(config)#router ospf 1

(config-router)#area 0 authentication message-digest

On R1

R1(config)#int S0/0.12

R1(config-subif)#ip ospf message-digest-key 1 MD5 ccie

On R2

R2(config)#int S0/0.21

R2(config-subif)#ip ospf message-digest-key 1 MD5 ccie

To verify the configuration:

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:00:43, Serial0/0.21

Note because authentication was enabled in router configuration mode, every router
in area 0 MUST have authentication enabled. Since R3 does NOT have
authentication enabled, R2 will NOT form an adjacency with R3, therefore, they
will NOT exchange updates.



Task 7

Configure these routers such that every router has every prefix advertised in this topology
in their routing table and Link state database.

On R3, R4 and R5














(config-router)#area 0 authentication message-digest

To verify the configuration:

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:01:01, Serial0/0.21
O       3.3.3.0 [110/65] via 10.1.23.3, 00:01:01, Serial0/0.23
O       4.4.4.0 [110/129] via 10.1.23.3, 00:01:01, Serial0/0.23
O       5.5.5.0 [110/193] via 10.1.23.3, 00:01:01, Serial0/0.23
O       10.1.45.0 [110/192] via 10.1.23.3, 00:01:01, Serial0/0.23
O       10.1.34.0 [110/128] via 10.1.23.3, 00:01:01, Serial0/0.23

Note once the authentication is enabled on the other routers, they will form
adjacency and exchange routes.






Task 8 

Remove the configuration from the previous task and reconfigure R2 such that every
router has every prefix advertised in this topology in their routing table and Link state
database. DO NOT remove the authentication that is applied to the link between R1 and
R2.






On R3, R4 and R5

(config-router)#No area 0 authentication message-digest

To verify the configuration:

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:00:06, Serial0/0.21

To configure this task, we must disable authentication on the interface facing R3
using the "IP OSPF authentication null" interface configuration command, meaning
that authentication is not needed past the .23 interface of R2. Therefore,















R3, R4 and/or R5 do NOT need to have authentication enabled.

On R2

R2(config)#int S0/0.23

R2(config-subif)#ip ospf authentication null

To verify the configuration:

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:03:02, Serial0/0.21
O       3.3.3.0 [110/65] via 10.1.23.3, 00:03:02, Serial0/0.23
O       4.4.4.0 [110/129] via 10.1.23.3, 00:03:02, Serial0/0.23
O       5.5.5.0 [110/193] via 10.1.23.3, 00:03:02, Serial0/0.23
O       10.1.45.0 [110/192] via 10.1.23.3, 00:03:02, Serial0/0.23
O       10.1.34.0 [110/128] via 10.1.23.3, 00:03:02, Serial0/0.23






Task 9 

Re-configure the authentication password configured in task 6 to be "CCIERS" without
interrupting the link's operation.






To see the current configuration: 
On R1

R1#Show run int S0/0.12 | b interface

interface Serial0/0.12 point-to-point
 ip address 10.1.12.1 255.255.255.0
 ip ospf message-digest-key 1 md5 ccie
 frame-relay interface-dlci 102

On R2

R2#Show run inter S0/0.21 | b interface







interface Serial0/0.21 point-to-point
 ip address 10.1.12.2 255.255.255.0
 ip ospf message-digest-key 1 md5 ccie
 frame-relay interface-dlci 201

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:06:26, Serial0/0.21
O       3.3.3.0 [110/65] via 10.1.23.3, 00:06:26, Serial0/0.23
O       4.4.4.0 [110/129] via 10.1.23.3, 00:06:26, Serial0/0.23
O       5.5.5.0 [110/193] via 10.1.23.3, 00:06:26, Serial0/0.23
O       10.1.45.0 [110/192] via 10.1.23.3, 00:06:26, Serial0/0.23
O       10.1.34.0 [110/128] via 10.1.23.3, 00:06:26, Serial0/0.23

To change the passwords without any interruption to the link, the second key is
entered with the required password:

On R1

R1(config)#int S0/0.12

R1(config-subif)#ip ospf message-digest-key 2 MD5 CCIERS

To verify the configuration:

On R1

R1#Show ip ospf inter S0/0.12 | b Message

  Message digest authentication enabled
    Youngest key id is 2
    Rollover in progress, 1 neighbor(s) using the old key(s):
      key id 1

Note even though the second key (key 2) is only configured on R1, R1 and R2 are
still authenticating based on the first key (key 1), this is revealed in the second line.
But the router knows that the second key is configured (The second line in the above
display) and it knows that the rollover is in progress (The third line), but the other
end (R2) has not been configured yet.

On R2

R2(config-subif)#int S0/0.21

R2(config-if)#ip ospf message-digest-key 2 MD5 CCIERS






To verify the configuration: 

On R2 

R2#Sh ip ospf inter S0/0.21 | b Message

  Message digest authentication enabled
    Youngest key id is 2

Note once R2 is configured, both routers (R1 and R2) will switch over and use the
second key for their authentication.

On R1

R1#Show ip ospf interface S0/0.12 | b Message

  Message digest authentication enabled
    Youngest key id is 2

Once R1 and R2 rollover is completed and both routers display the same youngest
key without the "rollover in progress" message, we can safely remove the prior key,
in this case key id 1. Remember that the newest key is NOT determined based on the
numerical higher value.

On R1

R1#Show run int S0/0.12 | Inc ip ospf

 ip ospf message-digest-key 1 md5 ccie
 ip ospf message-digest-key 2 md5 CCIERS

R1(config)#int S0/0.12

R1(config-subif)#NO ip ospf message-digest-key 1 md5 ccie

On R2

R2#Show run int S0/0.21 | Inc ip ospf

 ip ospf message-digest-key 1 md5 ccie
 ip ospf message-digest-key 2 md5 CCIERS

R2(config)#int S0/0.21

R2(config-subif)#NO ip ospf message-digest-key 1 md5 CCIERS
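
What the simple-password and MD5 tasks above put on the wire, and why the Task 9 rollover keeps the adjacency up, as an added Python sketch (not part of the workbook). The packet layout follows RFC 2328 Appendix D; the function names, the constructed Hello body and the one-copy-per-key rollover model are assumptions of this example.

```python
import hashlib
import hmac
import struct

AUTYPE_SIMPLE = 1   # "ip ospf authentication-key": password is carried in the header
AUTYPE_MD5 = 2      # "ip ospf message-digest-key": keyed MD5 digest is appended
DIGEST_LEN = 16


def hello_body():
    """Constructed 20-byte Hello: /24 mask, Hello 10, Dead 40, no DR/BDR."""
    return struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]), 10, 0x02, 0, 40,
                       bytes(4), bytes(4))


def ospf_header(router_id, body_len, autype, auth_field):
    """24-byte OSPFv2 header for a Hello in area 0; checksum is left at 0 here."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, 24 + body_len, router_id, bytes(4),
                       0, autype, auth_field)


def build_simple(router_id, password):
    """AuType 1: the 8-byte authentication field is the password itself, zero-padded."""
    body = hello_body()
    auth = password.encode().ljust(8, b"\x00")[:8]
    return ospf_header(router_id, len(body), AUTYPE_SIMPLE, auth) + body


def pad_key(secret):
    """MD5 keys are at most 16 bytes; shorter ones are zero-padded before hashing."""
    return secret.encode().ljust(DIGEST_LEN, b"\x00")[:DIGEST_LEN]


def build_md5(router_id, key_id, secret, seq):
    """AuType 2: the header carries key id, digest length and sequence number only."""
    body = hello_body()
    auth = struct.pack("!HBBI", 0, key_id, DIGEST_LEN, seq)
    packet = ospf_header(router_id, len(body), AUTYPE_MD5, auth) + body
    # Digest = MD5(packet || padded key); appended, not counted in the length field.
    return packet + hashlib.md5(packet + pad_key(secret)).digest()


def verify_md5(frame, keys, last_seq=0):
    """Receiver side. `keys` maps key id -> secret. Returns (accepted, reason)."""
    packet, digest = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
    (autype,) = struct.unpack("!H", packet[14:16])
    if autype != AUTYPE_MD5:
        return False, "authentication type mismatch"
    _, key_id, _, seq = struct.unpack("!HBBI", packet[16:24])
    if key_id not in keys:
        return False, "key id %d not configured" % key_id
    if seq < last_seq:
        return False, "sequence number went backwards (replay)"
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch"
    return True, "ok"


def accepted_key_ids(sender_keys, receiver_keys, seq=1):
    """Rollover model (assumption): the sender emits one copy of the packet per
    configured key and the neighbor accepts whichever copies it can verify."""
    r1 = bytes([1, 1, 1, 1])
    return [kid for kid, secret in sorted(sender_keys.items())
            if verify_md5(build_md5(r1, kid, secret, seq), receiver_keys)[0]]


if __name__ == "__main__":
    r1 = bytes([1, 1, 1, 1])
    old, both, new = {1: "ccie"}, {1: "ccie", 2: "CCIERS"}, {2: "CCIERS"}
    print("simple auth exposes password:", b"Cisco" in build_simple(r1, "Cisco"))
    print("md5 header exposes password: ", b"ccie" in build_md5(r1, 1, "ccie", 1)[:-16])
    print("R1 has key 2, R2 not yet:    ", accepted_key_ids(both, old))
    print("both routers have key 2:     ", accepted_key_ids(both, both))
    print("key 1 removed on R1 too soon:", accepted_key_ids(new, old))
    print("replayed older packet:       ",
          verify_md5(build_md5(r1, 2, "CCIERS", 5), new, last_seq=9))
```

The empty list in the "removed too soon" case is the outage the workbook avoids by waiting until the "Rollover in progress" line disappears before deleting key 1.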






Task 10 

Remove the configuration from the previous task and task 8 and reconfigure MD5
authentication between R1 and R2 such that every router has every prefix advertised in
this topology in their routing table and Link state database. DO NOT use any router
configuration mode command to accomplish this task.



On R1 and R2

(config)#router ospf 1

(config-router)#NO area 0 authentication message-digest

On R2

R2(config)#int S0/0.23

R2(config-subif)#NO ip ospf authentication null

Note the following command enables authentication directly under the .21 interface
and NOT in router configuration mode

R2(config)#int S0/0.21

R2(config-subif)#ip ospf authentication message-digest

On R1

R1(config)#int S0/0.12

R1(config-subif)#ip ospf authentication message-digest



To verify the configuration: 



On R1

R1#Show run inter S0/0.12 | Inc ip ospf

 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 CCIERS

On R2

R2#Show run int S0/0.21 | Inc ip ospf

 ip ospf authentication message-digest
 ip ospf message-digest-key 2 md5 CCIERS






Note when authentication is enabled directly under a given interface, it no longer
needs to be enabled on all other routers in that area. When authentication is enabled
directly under a given interface, it's called per-interface authentication.

To test the configuration:

On R1

R1#Show ip route ospf | inc O

O       2.2.2.0 [110/65] via 10.1.12.2, 00:14:36, Serial0/0.12
O       3.3.3.0 [110/129] via 10.1.12.2, 00:14:36, Serial0/0.12
O       4.4.4.0 [110/193] via 10.1.12.2, 00:14:36, Serial0/0.12
O       5.5.5.0 [110/257] via 10.1.12.2, 00:14:36, Serial0/0.12
O       10.1.23.0 [110/128] via 10.1.12.2, 00:14:36, Serial0/0.12
O       10.1.45.0 [110/256] via 10.1.12.2, 00:14:36, Serial0/0.12
O       10.1.34.0 [110/192] via 10.1.12.2, 00:14:36, Serial0/0.12

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:17:32, Serial0/0.21
O       3.3.3.0 [110/65] via 10.1.23.3, 00:17:32, Serial0/0.23
O       4.4.4.0 [110/129] via 10.1.23.3, 00:17:32, Serial0/0.23
O       5.5.5.0 [110/193] via 10.1.23.3, 00:17:32, Serial0/0.23
O       10.1.45.0 [110/192] via 10.1.23.3, 00:17:32, Serial0/0.23
O       10.1.34.0 [110/128] via 10.1.23.3, 00:17:32, Serial0/0.23



Task 11 

Re-configure the routers using the following chart. Configure the OSPF router-id of the
routers to be based on their Loopback interfaces' IP address. Ensure that every router has
every prefix advertised in this routing domain in their routing table and Link state
database:

Router    Interface    Area
R1        S0/0.12      0
          Loopback0    0
R2        S0/0.21      0
          S0/0.23      1
          Loopback0    1
R3        S0/0.32      1
          S0/0.34      2
          Loopback0    2
R4        S0/0.43      2
          S0/0.45      3
          Loopback0    3
R5        S0/0.54      3
          Loopback0    3

On R1

R1(config)#NO router ospf 1

R1(config)#router ospf 1

R1(config-router)#router-id 1.1.1.1

R1(config-router)#netw 10.1.12.1 0.0.0.0 area 0
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0

R1(config)#int S0/0.12

R1(config-sub)#NO ip ospf message-digest-key 2 md5 CCIERS

On R2

R2(config)#NO router ospf 1

R2(config)#router ospf 1

R2(config-router)#router-id 2.2.2.2

R2(config-router)#netw 10.1.12.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.23.2 0.0.0.0 area 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 1
R2(config-router)#area 1 virtual-link 3.3.3.3

R2(config)#int S0/0.21

R2(config-sub)#NO ip ospf message-digest-key 2 md5 CCIERS

On R3

R3(config)#NO router ospf 1

R3(config)#router ospf 1

R3(config-router)#router-id 3.3.3.3






R3(config-router)#netw 10.1.23.3 0.0.0.0 area 1
R3(config-router)#netw 10.1.34.3 0.0.0.0 area 2
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 2
R3(config-router)#area 2 virtual-link 4.4.4.4
R3(config-router)#area 1 virtual-link 2.2.2.2

On R4

R4(config)#NO router ospf 1

R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4

R4(config-router)#netw 10.1.45.4 0.0.0.0 area 3
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 3
R4(config-router)#netw 10.1.34.4 0.0.0.0 area 2

R4(config-router)#area 2 virtual-link 3.3.3.3

On R5

R5(config)#NO router ospf 1

R5(config)#router ospf 1
R5(config-router)#router-id 5.5.5.5

R5(config-router)#netw 10.1.45.5 0.0.0.0 area 3
R5(config-router)#netw 5.5.5.5 0.0.0.0 area 3



To verify the configuration: 

On R1

R1#Show ip route ospf | Inc O

O IA    2.2.2.0 [110/65] via 10.1.12.2, 00:00:32, Serial0/0.12
O IA    3.3.3.0 [110/129] via 10.1.12.2, 00:00:32, Serial0/0.12
O IA    4.4.4.0 [110/193] via 10.1.12.2, 00:00:32, Serial0/0.12
O IA    5.5.5.0 [110/257] via 10.1.12.2, 00:00:32, Serial0/0.12
O IA    10.1.23.0 [110/128] via 10.1.12.2, 00:00:32, Serial0/0.12
O IA    10.1.45.0 [110/256] via 10.1.12.2, 00:00:32, Serial0/0.12
O IA    10.1.34.0 [110/192] via 10.1.12.2, 00:00:32, Serial0/0.12






On R5

R5#Show ip route ospf | Inc O

O IA    1.1.1.0 [110/257] via 10.1.45.4, 00:01:50, Serial0/0.54
O IA    2.2.2.0 [110/193] via 10.1.45.4, 00:01:50, Serial0/0.54
O IA    3.3.3.0 [110/129] via 10.1.45.4, 00:01:59, Serial0/0.54
O       4.4.4.0 [110/65] via 10.1.45.4, 00:01:59, Serial0/0.54
O IA    10.1.12.0 [110/256] via 10.1.45.4, 00:01:50, Serial0/0.54
O IA    10.1.23.0 [110/192] via 10.1.45.4, 00:01:50, Serial0/0.54
O IA    10.1.34.0 [110/128] via 10.1.45.4, 00:01:59, Serial0/0.54



Task 12

Configure MD5 authentication on the link between R1 and R2 in area 0, the password for
this authentication should be set to Micronics, you should use router configuration mode
to enable authentication.



On R1 and R2

(config)#router ospf 1

(config-router)#area 0 authentication message-digest

On R1

R1(config)#int S0/0.12

R1(config-subif)#ip ospf message-digest-key 1 md5 Micronics

On R2

R2(config)#int S0/0.21

R2(config-subif)#ip ospf message-digest-key 1 md5 Micronics

To verify the configuration:

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.0 [110/65] via 10.1.12.1, 00:02:32, Serial0/0.21






Note R2 does not have any other prefix in its routing table, this is because
authentication is enabled directly under the router configuration mode of R1
and R2 and NOT the other area 0 routers. Enter the following commands to
enable authentication on the other area 0 routers:

On R3 and R4

(config)#router ospf 1

(config-router)#area 0 authentication message-digest

When a virtual-link is created on a given ABR, that router becomes an area 0
router, therefore, routers R3 and R4 must have authentication enabled.

To verify the configuration:

On R5

R5#Show ip route ospf | Inc O

O IA    1.1.1.0 [110/257] via 10.1.45.4, 00:06:30, Serial0/0.54
O IA    2.2.2.0 [110/193] via 10.1.45.4, 00:14:04, Serial0/0.54
O IA    3.3.3.0 [110/129] via 10.1.45.4, 00:14:04, Serial0/0.54
O       4.4.4.0 [110/65] via 10.1.45.4, 00:14:04, Serial0/0.54
O IA    10.1.12.0 [110/256] via 10.1.45.4, 00:06:30, Serial0/0.54
O IA    10.1.23.0 [110/192] via 10.1.45.4, 00:14:04, Serial0/0.54
O IA    10.1.34.0 [110/128] via 10.1.45.4, 00:14:04, Serial0/0.54



Task 13 

Remove all authentications and configure MD5 authentication on the link between R1
and R2 using "Micronics" as the password. Ensure that every router in this routing
domain has all the prefixes advertised by all the other routers in their routing table and
link state database. You should NOT configure the other routers to accomplish this task.

On R1, R2, R3 and R4

(config)#router ospf 1

(config-router)#NO area 0 authentication message-digest






On R1

R1(config-router)#int S0/0.12

R1(config-subif)#ip ospf authentication message-digest

R1(config-subif)#ip ospf message-digest-key 1 md5 Micronics

On R2

R2(config)#int S0/0.21

R2(config-subif)#ip ospf authentication message-digest

R2(config-subif)#ip ospf message-digest-key 1 md5 Micronics

To verify the configuration:

On R1

R1#Show ip route ospf | Inc O

O IA    2.2.2.0 [110/65] via 10.1.12.2, 00:01:41, Serial0/0.12
O IA    3.3.3.0 [110/129] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    4.4.4.0 [110/193] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    5.5.5.0 [110/257] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    10.1.23.0 [110/128] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    10.1.45.0 [110/256] via 10.1.12.2, 00:01:41, Serial0/0.12
O IA    10.1.34.0 [110/192] via 10.1.12.2, 00:01:41, Serial0/0.12

On R5

R5#Show ip route ospf | Inc O

O IA    1.1.1.0 [110/257] via 10.1.45.4, 00:02:36, Serial0/0.54
O IA    2.2.2.0 [110/193] via 10.1.45.4, 00:02:36, Serial0/0.54
O IA    3.3.3.0 [110/129] via 10.1.45.4, 00:02:45, Serial0/0.54
O       4.4.4.0 [110/65] via 10.1.45.4, 00:02:45, Serial0/0.54
O IA    10.1.12.0 [110/256] via 10.1.45.4, 00:02:36, Serial0/0.54
O IA    10.1.23.0 [110/192] via 10.1.45.4, 00:02:36, Serial0/0.54
O IA    10.1.34.0 [110/128] via 10.1.45.4, 00:02:45, Serial0/0.54

Note when configuring per-interface authentication, the other routers in the OSPF
routing domain do not need to have authentication enabled.






Task 14 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 4 
OSPF Cost 




[Figure: lab topology diagram, Area 0]




Lab Setup:

> Configure R2 and R3 in Vlan 23

> Configure the frame-relay connection between R1 and R2 in a point-to-point
manner.

IP addressing

Router    Interface and IP address
R1        Lo0 = 1.1.1.1 /8
          S0/0.12 = 10.1.12.1 /24
R2        Lo0 = 2.2.2.2 /8
          S0/0.21 = 10.1.12.2 /24
          F0/0 = 10.1.23.2 /24
R3        Lo0 = 3.3.3.3 /8
          F0/0 = 10.1.23.3 /24






Task 1

Configure all three routers in OSPF area 0 and advertise their directly connected
networks in this area. Ensure that all routers have NLRI to every advertised network.
Ensure that the loopback interfaces are advertised with their correct mask.



On R1

R1(config)#router ospf 1

R1(config-router)#netw 0.0.0.0 0.0.0.0 area 0

R1(config-router)#int lo0

R1(config-if)#ip ospf net point-to-point

This task is asking us to ensure that the loopback interfaces are advertised with
their correct mask, one way to accomplish this task is to change their network type
to point-to-point.

On R2

R2(config)#router ospf 1
R2(config-router)#netw 0.0.0.0 0.0.0.0 area 0

R2(config-router)#int lo0

R2(config-if)#ip ospf network point-to-point

On R3

R3(config)#router ospf 1
R3(config-router)#netw 0.0.0.0 0.0.0.0 area 0

R3(config-router)#int lo0

R3(config-if)#ip ospf network point-to-point

To verify the configuration:

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2














       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
O    2.0.0.0/8 [110/65] via 10.1.12.2, 00:00:16, Serial0/0.12
O    3.0.0.0/8 [110/66] via 10.1.12.2, 00:00:16, Serial0/0.12
     10.1.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0.12
O       10.1.23.0 [110/65] via 10.1.12.2, 00:00:16, Serial0/0.12






Task 2 

Configure R1 such that it advertises a cost of 20 for its loopback interface.

You should check the cost of network 1.0.0.0 /8 that is advertised to R2 by R1.

On R2

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    1.0.0.0/8 [110/65] via 10.1.12.1, 00:01:24, Serial0/0.21
C    2.0.0.0/8 is directly connected, Loopback0
O    3.0.0.0/8 [110/2] via 10.1.23.3, 00:01:24, FastEthernet0/0
     10.1.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0.21
C       10.1.23.0 is directly connected, FastEthernet0/0







Note, the cost of the loopback interface is 65: this is the result of adding the cost of
the serial interface (100,000,000 / 1,544,000 = 64, remember to drop the decimal
points) plus the cost of the loopback interface (100,000,000 / 8,000,000,000 = 1,
remember that you can't use decimals, therefore, you should round up to 1).

Enter the following to change the cost of the lo0 interface on R1:

On R1

R1(config-if)#int lo0

R1(config-if)#ip ospf cost 20

To verify the configuration:

On R2

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    1.0.0.0/8 [110/84] via 10.1.12.1, 00:00:07, Serial0/0.21
C    2.0.0.0/8 is directly connected, Loopback0
O    3.0.0.0/8 [110/2] via 10.1.23.3, 00:00:07, FastEthernet0/0
     10.1.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0.21
C       10.1.23.0 is directly connected, FastEthernet0/0

Note, the cost after the configuration is 84, which is the sum of 64 (The cost of the
serial interface) plus 20 (Which is the cost of the lo0 interface).








Task 3 

In the future a gigabit interface will be installed on one of the routers in this routing
domain. Ensure that the costs of the other interfaces are adjusted proportionally.

On All Routers

(config-if)#router ospf 1

(config-router)#auto-cost reference-bandwidth 1000

#Clear ip ospf proc

Reset ALL OSPF processes? [no]: y

By default, OSPF calculates the cost of an interface by dividing the bandwidth of the
interface into 100 million. Using the default value when your network has interfaces
with a bandwidth greater than 100 million is not recommended, because OSPF will
not be able to differentiate between a 100 Mbps interface and an interface with a
bandwidth that is greater than 100 Mbps. The "IP OSPF COST" command enables you
to change the OSPF cost for an interface, but a better way to accomplish this is to
change the default reference value used to calculate the OSPF cost of an interface.
This value can be modified using the command "auto-cost reference-bandwidth". If
you are planning to use this command, remember that every router in the OSPF
routing domain must be configured as well.






Task 4

Remove the command configured in Task 3.

On All Routers

(config-if)#router ospf 1
(config-router)#NO auto-cost reference-bandwidth 1000
(config)#End
#Clear ip ospf proc
Reset ALL OSPF processes? [no]: y







Task 5

Configure the routers such that the Fast Ethernet interface of these routers will have a
cost of 70. The other interfaces should have their cost calculated proportionally.

On All Routers

(config-router)#router ospf 1
(config-router)#auto-cost reference-bandwidth 7000

The equation used by OSPF is as follows:

Reference / Bandwidth = Cost

Rearranging the formula, we get the following equation:

Reference = Cost X Bandwidth = 70 X 100,000,000 = 7,000,000,000

Reference is in units of Mbps, and by default it is set to 100, which means 100,000,000
bps. We now have to divide the result by 1,000,000 to get the actual reference, which
is 7000.

So the cost reference should be changed to 7000.

To verify the configuration:

On R3

R3#Show ip ospf int f0/0

FastEthernet0/0 is up, line protocol is up
  Internet Address 10.1.23.3/24, Area 0
  Process ID 1, Router ID 3.3.3.3, Network Type BROADCAST, Cost: 70
  Transmit Delay is 1 sec, State BDR, Priority 1
(The rest of the output is omitted)
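
The cost arithmetic from Task 3 and Task 5, together with the reminder that every router must carry the same reference value, as an added Python sketch (not part of the workbook). The interface bandwidths and the three running-config fragments are constructed sample data, and the helper names are hypothetical.

```python
import re

DEFAULT_REF_MBPS = 100  # reference used when the command is absent

# Constructed sample data: interface bandwidths in kbps.
BANDWIDTH_KBPS = {
    "Serial0/0": 1544,
    "FastEthernet0/0": 100_000,
    "GigabitEthernet0/0": 1_000_000,
}

# Constructed running-config fragments; R3 was missed during the change.
CONFIGS = {
    "R1": "router ospf 1\n auto-cost reference-bandwidth 7000\n",
    "R2": "router ospf 1\n auto-cost reference-bandwidth 7000\n",
    "R3": "router ospf 1\n network 10.1.23.3 0.0.0.0 area 0\n",
}


def ospf_cost(ref_mbps, bw_kbps):
    """Reference / bandwidth, decimals dropped, never below 1."""
    return max(1, (ref_mbps * 1000) // bw_kbps)


def reference_for(cost, bw_kbps):
    """Rearranged formula: reference (in Mbps) = cost x bandwidth."""
    return cost * bw_kbps // 1000


def cost_table(ref_mbps):
    """Cost of every sample interface under one reference value."""
    return {name: ospf_cost(ref_mbps, bw) for name, bw in BANDWIDTH_KBPS.items()}


def parse_reference(running_config):
    """Read 'auto-cost reference-bandwidth N'; fall back to the default."""
    m = re.search(r"^\s*auto-cost reference-bandwidth (\d+)\s*$",
                  running_config, re.MULTILINE)
    return int(m.group(1)) if m else DEFAULT_REF_MBPS


def mismatched(configs):
    """Routers whose reference differs from the value most routers use."""
    refs = {name: parse_reference(cfg) for name, cfg in configs.items()}
    values = list(refs.values())
    majority = max(set(values), key=values.count)
    return {name: ref for name, ref in refs.items() if ref != majority}


if __name__ == "__main__":
    for ref in (100, 1000, 7000):
        print(ref, cost_table(ref))
    print("reference for a FastEthernet cost of 70:", reference_for(70, 100_000))
    print("routers still on another reference:", mismatched(CONFIGS))
```

With the default reference, FastEthernet and GigabitEthernet both come out at cost 1, which is the ambiguity Task 3 removes; a router left on the default computes its own interface costs on a different scale from its neighbors.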



Task 6 

Erase the startup config and reload the routers before proceeding to the next lab. 






Lab setup:

> Configure R2's F0/0 and R3's F0/0 in VLAN 23.

> Configure the frame-relay connection between R1, R2 and R3, R4 in a point-to-point manner.






IP Addressing

Router   Interface   IP address       Area
R1       Lo0         1.1.0.1/24       Area 1
         Lo1         1.1.1.1/24       Area 1
         Lo2         1.1.2.1/24       Area 1
         Lo3         1.1.3.1/24       Area 1
         S0/0.12     10.1.12.1/24     Area 1
R2       Lo0         2.2.2.2/8        Area 0
         S0/0.21     10.1.12.2/24     Area 1
         F0/0        10.1.23.2/24     Area 0
R3       Lo0         3.3.3.3/8        Area 0
         S0/0.34     10.1.34.3/24     Area 2
         F0/0        10.1.23.3/24     Area 0
R4       Lo0         4.4.0.4/24       External
         Lo1         4.4.1.4/24       External
         Lo2         4.4.2.4/24       External
         Lo3         4.4.3.4/24       External
         Lo4         4.4.4.4/24       Area 2
         S0/0.43     10.1.34.4/24     Area 2

Task 1

Configure the routers as follows:

> R4 should redistribute the four loopback interfaces (4.4.0.4/24 - 4.4.3.4/24) in
  the OSPF routing domain.
> R4 should advertise its Loopback 4 and Frame-relay interface in Area 2.
> R1 should advertise all of its interfaces in OSPF area 1.
> R2 should advertise its Loopback0, F0/0 interface in area 0 and the frame-relay
  interface in area 1.
> R3 should advertise its Loopback0, F0/0 interface in area 0, and its frame-relay
  interface in area 2.



On R1

R1(config)#router ospf 1
R1(config-router)#netw 0.0.0.0 0.0.0.0 area 1

On R2

R2(config)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 are 0






R2(config-router)#netw 10.1.23.2 0.0.0.0 are 0
R2(config-router)#netw 10.1.12.2 0.0.0.0 are 1

On R3

R3(config)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.23.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.34.3 0.0.0.0 area 2

On R4

R4(config)#access-list 4 permit 4.4.0.0 0.0.3.255

R4(config)#route-map TEST permit 10
R4(config-route-map)#match ip addr 4

R4(config-if)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 are 2
R4(config-router)#netw 10.1.34.4 0.0.0.0 are 2
R4(config-router)#redistribute connected subnets route-map TEST

When redistributing routes into OSPF, the subnets keyword will redistribute all the
subnets into OSPF. If this keyword is omitted, then only classful networks will be
redistributed into OSPF.



Task 2

Configure the OSPF routers such that the external routes are summarized.

On R4

R4(config)#router ospf 1
R4(config-router)#summary-address 4.4.0.0 255.255.252.0

In OSPF, summarization can be configured on two types of routers: ABRs
and/or ASBRs. The internal OSPF routes can only be summarized on ABRs,
whereas the external (redistributed) routes can only be summarized on ASBRs.
When summarizing internal routes on ABRs the "area xx range" command must
be used, where xx is the area id. Summarization on an ASBR can be accomplished
by using the "summary-address" command.






To verify the configuration:

On R3

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 4 subnets
O IA    1.1.1.1 [110/66] via 10.1.23.2, 00:13:18, FastEthernet0/0
O IA    1.1.0.1 [110/66] via 10.1.23.2, 00:13:18, FastEthernet0/0
O IA    1.1.3.1 [110/66] via 10.1.23.2, 00:13:18, FastEthernet0/0
O IA    1.1.2.1 [110/66] via 10.1.23.2, 00:13:18, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 10.1.23.2, 00:13:50, FastEthernet0/0
C    3.0.0.0/8 is directly connected, Loopback0
     4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O       4.4.4.4/32 [110/65] via 10.1.34.4, 00:13:19, Serial0/0.34
O E2    4.4.0.0/22 [110/20] via 10.1.34.4, 00:00:06, Serial0/0.34
     10.1.0.0/24 is subnetted, 3 subnets
O IA    10.1.12.0 [110/65] via 10.1.23.2, 00:13:19, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/0
C       10.1.34.0 is directly connected, Serial0/0.34

Note the external routes are summarized.



Task 3

Configure Area 1 such that networks (1.1.0.0/24, 1.1.1.0/24, 1.1.2.0/24 and 1.1.3.0/24)
are summarized into the OSPF routing domain.

On R2






R2(config-router)#router ospf 1
R2(config-router)#area 1 range 1.1.0.0 255.255.252.0

Note these routes are originated by R1, but they can only be summarized by the
ABR; in this topology the ABR is R2. Since the routes that are being summarized
originated in area 1, the "area range" command must specify the area ("area 1
range") followed by the summary network address (1.1.0.0) and then the subnet
mask (255.255.252.0).



Task 4

The routers should NOT install a null route in the routing table when they summarize
internal or external routes.

In OSPF, the discard route is created automatically whenever a summary route is
configured. There are two types of summary routes: Internal and External.
When internal summary routes are configured, OSPF will inject an internal discard
route, and when an external summary route is configured, the OSPF process will create
an external discard route. The discard routes are created to stop forwarding loops.

On R2

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O       1.1.1.1/32 [110/65] via 10.1.12.1, 00:13:53, Serial0/0.21
O       1.1.0.0/22 is a summary, 00:13:53, Null0    <-- This is the internal discard route
O       1.1.0.1/32 [110/65] via 10.1.12.1, 00:13:53, Serial0/0.21
O       1.1.3.1/32 [110/65] via 10.1.12.1, 00:13:53, Serial0/0.21
O       1.1.2.1/32 [110/65] via 10.1.12.1, 00:13:53, Serial0/0.21
C    2.0.0.0/8 is directly connected, Loopback0






     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 10.1.23.3, 00:13:54, FastEthernet0/0
     4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O IA    4.4.4.4/32 [110/66] via 10.1.23.3, 00:13:54, FastEthernet0/0
O E2    4.4.0.0/22 [110/20] via 10.1.23.3, 00:13:54, FastEthernet0/0
     10.1.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, Serial0/0.21
C       10.1.23.0 is directly connected, FastEthernet0/0
O IA    10.1.34.0 [110/65] via 10.1.23.3, 00:13:55, FastEthernet0/0

On R2

R2(config)#router ospf 1
R2(config-router)#NO discard-route internal

The discard route that we are discarding is the result of summarizing the internal
routes, therefore we need to specify internal.

To verify the configuration:

On R4

R4(config)#router ospf 1
R4(config-router)#NO discard-route external

In the above command we are discarding the external discard-route that was created as
a result of summarizing the external routes.
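
What the discard route protects against, as an added Python sketch (not part of the workbook): it derives the /22 summaries used in Tasks 2 and 3 and then forwards a packet hop by hop with and without the Null0 entry on R2. The default route on R2 toward R3 is an assumption made for the illustration (the lab's routers have no gateway of last resort), next hops are written as router names instead of addresses, and the helper names are hypothetical.

```python
import ipaddress

# Area 1 loopbacks as they appear in R2's routing table on this page.
LOOPBACKS = ["1.1.0.1/32", "1.1.1.1/32", "1.1.2.1/32", "1.1.3.1/32"]


def summarize(prefixes):
    """Smallest single prefix that covers every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, plen), strict=False)


def unbacked(summary, components):
    """Addresses inside the summary that no component route covers."""
    nets = [ipaddress.ip_network(c) for c in components]
    return summary.num_addresses - sum(n.num_addresses for n in nets)


def lookup(rib, dest):
    """Longest-prefix match over a {prefix: next hop} table."""
    addr = ipaddress.ip_address(dest)
    hits = [ipaddress.ip_network(p) for p in rib if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return rib[str(max(hits, key=lambda n: n.prefixlen))]


def build_ribs(discard_route):
    """Constructed routing tables for R1, R2 (the ABR) and R3."""
    r2 = {p: "R1" for p in LOOPBACKS}
    r2["0.0.0.0/0"] = "R3"              # assumption: R2 has a default toward R3
    if discard_route:
        r2["1.1.0.0/22"] = "Null0"      # installed with "area 1 range"
    return {
        "R1": {p: "local" for p in LOOPBACKS},
        "R2": r2,
        "R3": {"1.1.0.0/22": "R2"},     # the summary R2 advertises into area 0
    }


def trace(ribs, start, dest, ttl=8):
    """Follow next hops until delivery, discard, no route, or TTL exhaustion."""
    path, router = [], start
    for _ in range(ttl):
        path.append(router)
        hop = lookup(ribs[router], dest)
        if hop is None:
            return path, "no route"
        if hop in ("Null0", "local"):
            return path, ("discarded" if hop == "Null0" else "delivered")
        router = hop
    return path, "ttl expired"


if __name__ == "__main__":
    print(summarize(["4.4.0.0/24", "4.4.1.0/24", "4.4.2.0/24", "4.4.3.0/24"]))
    for discard in (True, False):
        print(discard, trace(build_ribs(discard), "R3", "1.1.2.99"))
```

Only 4 of the 1024 addresses in 1.1.0.0/22 are backed by a real route, so after "no discard-route" any less specific route on the summarizing router decides where the remaining traffic goes.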



Task 5

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 6
Virtual-links and GRE Tunnels

[Topology diagram: Area 3, Area 1, Area 0]



Lab Setup:

> Use the IP addressing chart below to assign IP addresses to the interfaces.

> The frame-relay connection between R1 and R2 should be configured in a point-to-point manner.

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> The frame-relay connection between R3 and R4 should be configured in a point-to-point manner.

> R4 and R5's F0/0 interface should be configured in VLAN 45.






IP Addressing:

Router   Interface       IP address
R1       Lo0             1.1.1.1/24
         Lo1             10.1.1.1/24
         F/R interface   10.1.12.1/24
R2       Lo0             2.2.2.2/24
         Lo1             20.2.2.2/24
         F0/0            10.1.23.2/24
         F/R interface   10.1.12.2/24
R3       Lo0             3.3.3.3/24
         Lo1             30.3.3.3/24
         F0/0            10.1.23.3/24
         F/R interface   10.1.34.3/24
R4       Lo0             4.4.4.4/24
         Lo1             40.4.4.4/24
         F0/0            10.1.45.4/24
         F/R interface   10.1.34.4/24
R5       Lo0             5.5.5.5/24
         F0/0            10.1.45.5/24



Task 1

> R1's Loopback1 interface should be advertised in area 3 and its Frame-relay and
  Loopback0 interface should be advertised in area 1.

> R2's Loopback0 and its frame-relay interface should be configured in area 1 and
  its Loopback1 and F0/0 interface should be configured in area 0.

> R3's Loopback0 and F0/0 interface should be configured in area 0 and its frame-relay
  and Loopback1 interface should be configured in area 2.

> R4's frame-relay and Loopback0 interface should be configured in area 2 and its
  F0/0 and Loopback1 interface should be configured in area 4.

> R5's Loopback0 and F0/0 interface should be configured in area 4.



On R1

R1(config-if)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#netw 10.1.1.1 0.0.0.0 are 3
R1(config-router)#netw 10.1.12.1 0.0.0.0 are 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 are 1



On R2

R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#netw 10.1.12.2 0.0.0.0 are 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 are 1
R2(config-router)#netw 10.1.23.2 0.0.0.0 are 0
R2(config-router)#netw 20.2.2.2 0.0.0.0 are 0

On R3

R3(config-if)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#netw 10.1.23.3 0.0.0.0 are 0
R3(config-router)#netw 3.3.3.3 0.0.0.0 are 0
R3(config-router)#netw 10.1.34.3 0.0.0.0 are 2
R3(config-router)#netw 30.3.3.3 0.0.0.0 are 2

On R4

R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#netw 10.1.34.4 0.0.0.0 area 2
R4(config-router)#netw 4.4.4.4 0.0.0.0 are 2
R4(config-router)#netw 10.1.45.4 0.0.0.0 are 4
R4(config-router)#netw 40.4.4.4 0.0.0.0 are 4

On R5

R5(config)#router ospf 1
R5(config-router)#router-id 5.5.5.5
R5(config-router)#netw 10.1.45.5 0.0.0.0 are 4
R5(config-router)#netw 5.5.5.5 0.0.0.0 are 4



Task 2

Ensure that the routes from area 3 are reachable by R1, R2, R3 and R4. Do NOT use a
GRE Tunnel to accomplish this task.




Area 3 is NOT connected to area 0; the other routers must be able to see the
route advertised by this area (10.1.1.0/24). A virtual-link must be created that
connects R1 (the ABR of area 3) to area 0.

On R1

R1(config)#router ospf 1
R1(config-router)#area 1 virtual-link 2.2.2.2

On R2

R2(config)#router ospf 1
R2(config-router)#area 1 virtual-link 1.1.1.1

To verify the configuration:

On R2

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.1.12.1, 00:00:09, Serial0/0.21
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Loopback0
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/2] via 10.1.23.3, 00:00:09, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O IA    4.4.4.0 [110/66] via 10.1.23.3, 00:00:09, FastEthernet0/0
     20.0.0.0/24 is subnetted, 1 subnets
C       20.2.2.0 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
O IA    10.1.1.0 [110/65] via 10.1.12.1, 00:00:00, Serial0/0.21    <-- Note the route from area 3 is advertised
     10.1.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, Serial0/0.21






C       10.1.23.0 is directly connected, FastEthernet0/0
O IA    10.1.34.0 [110/65] via 10.1.23.3, 00:00:02, FastEthernet0/0
     30.0.0.0/24 is subnetted, 1 subnets
O IA    30.3.3.0 [110/2] via 10.1.23.3, 00:00:02, FastEthernet0/0



Task 3

Ensure that all the advertised networks are reachable by all the routers. Use any IP
addressing and do NOT use a Virtual-link to accomplish this task.

The routing table of R5 reveals that only network 40.4.4.0/24 was propagated by
R4. The reason for this behavior is as follows:
Area 4 does not have a connection (Logical or Physical) to area 0.
In order to rectify this problem we must create a virtual-link; since a virtual-link is
not allowed in this task, a GRE tunnel must be used.

To display the routing table of R5 before creating a GRE tunnel:

On R5

R5#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback0
     40.0.0.0/24 is subnetted, 1 subnets
O       40.4.4.0 [110/2] via 10.1.45.4, 00:04:00, FastEthernet0/0
     10.1.0.0/24 is subnetted, 1 subnets
C       10.1.45.0 is directly connected, FastEthernet0/0

To fix this problem we must create a GRE tunnel as follows:






On R4

R4(config-if)#router ospf 1
R4(config-router)#netw 200.1.34.4 0.0.0.0 are 0

R4(config)#int tu1
R4(config-if)#ip addr 200.1.34.4 255.255.255.0
R4(config-if)#tunnel source 10.1.34.4
R4(config-if)#tunnel destination 10.1.34.3

On R3

R3(config)#router ospf 1
R3(config-router)#netw 200.1.34.3 0.0.0.0 are 0

R3(config)#int tu1
R3(config-if)#ip addr 200.1.34.3 255.255.255.0
R3(config-if)#tunnel source 10.1.34.3
R3(config-if)#tunnel destination 10.1.34.4

To verify the configuration:

On R5

R5#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O IA    1.1.1.0 [110/11178] via 10.1.45.4, 00:00:07, FastEthernet0/0
     2.0.0.0/24 is subnetted, 1 subnets
O IA    2.2.2.0 [110/11114] via 10.1.45.4, 00:00:07, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
O IA    3.3.3.0 [110/11113] via 10.1.45.4, 00:00:07, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
O IA    4.4.4.0 [110/2] via 10.1.45.4, 00:00:47, FastEthernet0/0














O IA 200.1.34.0/24 [110/11112] via 10.1.45.4, 00:00:47, FastEthernet0/0
     20.0.0.0/24 is subnetted, 1 subnets
O IA    20.2.2.0 [110/11114] via 10.1.45.4, 00:00:08, FastEthernet0/0
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback0
     40.0.0.0/24 is subnetted, 1 subnets
O       40.4.4.0 [110/2] via 10.1.45.4, 00:00:49, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
O IA    10.1.1.0 [110/11178] via 10.1.45.4, 00:00:09, FastEthernet0/0
     10.1.0.0/24 is subnetted, 4 subnets
O IA    10.1.12.0 [110/11177] via 10.1.45.4, 00:00:09, FastEthernet0/0
O IA    10.1.23.0 [110/11113] via 10.1.45.4, 00:00:09, FastEthernet0/0
O IA    10.1.34.0 [110/65] via 10.1.45.4, 00:00:49, FastEthernet0/0
C       10.1.45.0 is directly connected, FastEthernet0/0
     30.0.0.0/24 is subnetted, 1 subnets
O IA    30.3.3.0 [110/66] via 10.1.45.4, 00:00:49, FastEthernet0/0

Note all the routes are advertised. The IP address of the tunnel interface MUST be
advertised in area 0 or else the tunnel will not work.






Task 4

Remove the configuration from the previous task and replace it with virtual-link.

On R4

R4(config-if)#router ospf 1
R4(config-router)#NO netw 200.1.34.4 0.0.0.0 are 0
R4(config)#NO int tu1
R4(config)#router ospf 1
R4(config-router)#area 2 virtual-link 3.3.3.3

On R3

R3(config)#router ospf 1
R3(config-router)#NO netw 200.1.34.3 0.0.0.0 are 0
R3(config)#NO int tu1















R3(config)#router ospf 1
R3(config-router)#area 2 virtual-link 4.4.4.4






Task 5

Configure a simple clear text authentication for the virtual-link that connects area 3 to
area 0. Use "Cisco" as the password.

On R1

R1(config)#router ospf 1
R1(config-router)#area 1 virtual-link 2.2.2.2 authentication
R1(config-router)#area 1 virtual-link 2.2.2.2 authentication-key Cisco

On R2

R2(config)#router ospf 1
R2(config-router)#area 1 virtual-link 1.1.1.1 authentication
R2(config-router)#area 1 virtual-link 1.1.1.1 authentication-key Cisco






Task 6

Configure MD5 authentication for the virtual-link that connects area 4 to area 0. Use
"cisco" as the password.

On R4

R4(config)#router ospf 1
R4(config-router)#area 2 virtual-link 3.3.3.3 authentication message-digest
R4(config-router)#area 2 virtual-link 3.3.3.3 message-digest-key 1 md5 cisco

On R3

R3(config)#router ospf 1
R3(config-router)#area 2 virtual-link 4.4.4.4 authentication message-digest
R3(config-router)#area 2 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco







Task 7

Change the password from "Cisco" to "CCIE" for the virtual-link that connects area 4 to
area 0, without interrupting the link.

On R4

R4(config)#router ospf 1
R4(config-router)#area 2 virtual-link 3.3.3.3 message-digest-key 2 md5 CCIE

On R3

R3(config)#router ospf 1
R3(config-router)#area 2 virtual-link 4.4.4.4 message-digest-key 2 md5 CCIE
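
What the two authentication types of Tasks 5 and 6 put on the wire, and why adding key 2 beside key 1 in Task 7 does not interrupt the link, as an added Python sketch (not part of the workbook). It follows the OSPFv2 header layout of RFC 2328 Appendix D; the Hello body, sequence numbers and function names are constructed for the example, and the header checksum is left at zero.

```python
import hashlib
import hmac
import socket
import struct

# Constructed 20-byte Hello body for a virtual link (mask 0.0.0.0, hello 10 s, dead 40 s).
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("0.0.0.0"), 10, 0x02, 1, 40,
                         socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"))
PACKET_LEN = 24 + len(HELLO_BODY)   # the length field never counts the digest


def header(router_id, autype, auth):
    """24-byte OSPFv2 header; virtual-link packets carry area ID 0.0.0.0."""
    return struct.pack("!BBH4s4sHH8s", 2, 1, PACKET_LEN, socket.inet_aton(router_id),
                       socket.inet_aton("0.0.0.0"), 0, autype, auth)


def build_simple(router_id, password):
    """AuType 1: the password itself fills the 8-byte authentication field."""
    return header(router_id, 1, password.encode().ljust(8, b"\0")[:8]) + HELLO_BODY


def build_md5(router_id, key_id, secret, seq):
    """AuType 2: key ID, digest length and sequence number in the header, digest appended."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header(router_id, 2, auth) + HELLO_BODY
    key = secret.encode().ljust(16, b"\0")[:16]
    return packet + hashlib.md5(packet + key).digest()


def exposed_password(packet):
    """What any capture of an AuType 1 packet shows: the configured password."""
    return packet[16:24].rstrip(b"\0").decode()


def verify(packet, keys, last_seq=0):
    """Receiver-side check; keys maps key ID -> secret. Returns (accepted, reason)."""
    if struct.unpack("!H", packet[14:16])[0] != 2:
        return False, "not cryptographic authentication"
    _, key_id, auth_len, seq = struct.unpack("!HBBI", packet[16:24])
    length = struct.unpack("!H", packet[2:4])[0]
    if key_id not in keys:
        return False, "unknown key ID"
    if seq < last_seq:
        return False, "stale sequence number"
    key = keys[key_id].encode().ljust(16, b"\0")[:16]
    expected = hashlib.md5(packet[:length] + key).digest()
    ok = hmac.compare_digest(expected, packet[length:length + auth_len])
    return ok, ("ok" if ok else "digest mismatch")


if __name__ == "__main__":
    print("Task 5 capture shows:", exposed_password(build_simple("1.1.1.1", "Cisco")))
    r3_keys = {1: "cisco", 2: "CCIE"}            # R3 after Task 7
    print(verify(build_md5("4.4.4.4", 1, "cisco", 10), r3_keys))
    print(verify(build_md5("4.4.4.4", 2, "CCIE", 11), r3_keys))
    print(verify(build_md5("4.4.4.4", 1, "cisco", 12), {2: "CCIE"}))
```

The receiver picks the secret by the key ID carried in each packet, so a neighbor that still signs with key 1 keeps being accepted until key 1 is removed from the configuration.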



Task 8

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 7 
OSPF Stub, Totally Stubby, and NSSA Areas 







Lab Setup: 

> R4 and R5's F0/0 interface should be configured in VLAN 45.

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> The frame-relay connection between R1, R2 and R3, R4 should be configured in a
  point-to-point manner.

> Use the IP addressing chart below to assign IP addresses to the routers. 






IP Addressing:

Router   Interface   IP address
R1       Lo0         1.1.1.1/24
         S0/0.12     10.1.12.1/24
R2       Lo0         2.2.2.2/24
         Lo1         22.2.2.2/24
         F0/0        10.1.23.2/24
         S0/0.21     10.1.12.2/24
R3       Lo0         3.3.3.3/24
         F0/0        10.1.23.3/24
         S0/0.34     10.1.34.3/24
R4       Lo0         4.4.4.4/24
         Lo1         44.4.4.4/24
         F0/0        10.1.45.4/24
         S0/0.43     10.1.34.4/24
R5       Lo0         5.5.5.5/24
         F0/0        10.1.45.5/24


Task 1

Configure OSPF as follows:

> Configure R1's Loopback0 and Frame-relay interface in area 1.

> Configure R2's Loopback0 and Frame-relay interface in area 1; R2's
  Loopback1 and F0/0 interface should be configured in area 0.

> Configure R3's Loopback0, F0/0, and Frame-relay interface in OSPF area 0.

> Configure R4's Loopback0 and Frame-relay interface in area 0, and its
  Loopback1 and F0/0 in OSPF area 2.

> Configure R5's Loopback0 and F0/0 interface in OSPF area 2.

> The loopback interfaces must be advertised with their correct mask.



On R1

R1(config)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 are 1
R1(config-router)#netw 10.1.12.1 0.0.0.0 are 1






R1(config)#Interface Lo0
R1(config-if)#Ip ospf network point-to-point

On R2

R2(config-if)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 1
R2(config-router)#netw 22.2.2.2 0.0.0.0 are 0
R2(config-router)#netw 10.1.12.2 0.0.0.0 are 1
R2(config-router)#netw 10.1.23.2 0.0.0.0 are 0

R2(config)#Interface Lo0
R2(config-if)#Ip ospf network point-to-point

R2(config)#Interface Lo1
R2(config-if)#Ip ospf network point-to-point

On R3

R3(config-if)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 are 0
R3(config-router)#netw 10.1.23.3 0.0.0.0 are 0
R3(config-router)#netw 10.1.34.3 0.0.0.0 are 0

R3(config)#Interface Lo0
R3(config-if)#Ip ospf network point-to-point

On R4

R4(config-if)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 are 0
R4(config-router)#netw 10.1.34.4 0.0.0.0 are 0
R4(config-router)#netw 44.4.4.4 0.0.0.0 are 2
R4(config-router)#netw 10.1.45.4 0.0.0.0 are 2

R4(config)#Interface Lo0
R4(config-if)#Ip ospf network point-to-point

R4(config)#Interface Lo1
R4(config-if)#Ip ospf network point-to-point

On R5

R5(config-if)#router ospf 1






R5(config-router)#netw 5.5.5.5 0.0.0.0 are 2
R5(config-router)#netw 10.1.45.5 0.0.0.0 are 2

R5(config)#Interface Lo0
R5(config-if)#Ip ospf network point-to-point



Task 2

Configure area 1 such that it does not receive LSA types 4 and 5.

On R1

R1(config)#router ospf 1
R1(config-router)#area 1 stub

On R2

R2(config)#router ospf 1
R2(config-router)#area 1 stub

Important points to understand about a STUB area:

> A STUB area cannot be a transit area for a Virtual link, but a GRE tunnel can
  be used instead.

> A STUB area cannot have an ASBR.

> The backbone area cannot be configured as a STUB area.

> Every router and the ABR of that area should have the "area xx stub"
  command.

> No LSA type 5 (E1 or E2) is allowed in a STUB area, but the routers in the
  STUB area can connect to the External routes via the default route that is
  injected in the area by the ABR.

> By default, the cost of the default route is 1; this can be verified by "Show ip
  ospf" and "Show ip route". The cost of the default route can be changed by
  "area xx default-cost cc", where xx is the area number and cc is the desired
  cost.








Task 3

Area 2 should not receive LSA types 3, 4 and 5.

On R5

R5(config)#router ospf 1
R5(config-router)#area 2 stub

The above command must be configured on all the routers within this area.

On R4

R4(config)#router ospf 1
R4(config-router)#area 2 stub no-summary

The above command must only be configured on the ABR of this area.

Note you can reduce the routing table further by configuring an area as totally
stubby. Since all the IA and E (Inter-area and External) routes are reached through
the ABR and the ABR has injected a default route into the area, there is no reason
to maintain the IA routes and they should be filtered.






Task 4

Create/configure the following loopback interfaces on R1 and redistribute them into
OSPF routing domain:

Lo1 = 11.1.0.1/24, Lo2 = 11.1.1.1/24, Lo3 = 11.1.2.1/24 and Lo4 = 11.1.3.1/24

After the redistribution, area 1 should only receive and propagate LSA types 1, 2, 3 and
7. This area should not have the ability to connect to any external routes redistributed
elsewhere within this routing domain.

On R1

R1(config)#router ospf 1
R1(config-router)#NO area 1 stub
R1(config-router)#area 1 nssa

On R2







R2(config)#router ospf 1
R2(config-router)#NO area 1 stub
R2(config-router)#area 1 nssa

On R1

R1(config-if)#int lo1
R1(config-if)#ip addr 11.1.0.1 255.255.255.0
R1(config-if)#int lo2
R1(config-if)#ip addr 11.1.1.1 255.255.255.0
R1(config-if)#int lo3
R1(config-if)#ip addr 11.1.2.1 255.255.255.0
R1(config-if)#int lo4
R1(config-if)#ip addr 11.1.3.1 255.255.255.0

R1(config)#access-list 1 permit 11.1.0.0 0.0.3.255

R1(config)#route-map TEST permit
R1(config-route-map)#match ip addr 1

R1(config)#router ospf 1
R1(config-router)#redistribute connected route-map TEST subnets

Note when configuring an area as an NSSA area, by default the 0/0 route will not be
injected by the ABR of that area.





Task 5

Create/configure the following loopback interfaces on R5 and redistribute them into
OSPF routing domain:

Lo1 = 55.1.0.5/24, Lo2 = 55.1.1.5/24, Lo3 = 55.1.2.5/24 and Lo4 = 55.1.3.5/24

After the redistribution, the routers in this area should only maintain and propagate LSA
types 1, 2, 3, 7 and a default route.

On R5

R5(config)#int lo1
R5(config-if)#ip addr 55.1.0.5 255.255.255.0
R5(config-if)#int lo2






R5(config-if)#ip addr 55.1.1.5 255.255.255.0
R5(config-if)#int lo3
R5(config-if)#ip addr 55.1.2.5 255.255.255.0
R5(config-if)#int lo4
R5(config-if)#ip addr 55.1.3.5 255.255.255.0

R5(config)#access-list 1 permit 55.1.0.0 0.0.3.255

R5(config-if)#route-map TEST permit 10
R5(config-route-map)#match ip addr 1

R5(config)#router ospf 1
R5(config-router)#no area 2 stub
R5(config-router)#area 2 nssa
R5(config-router)#redistribute connected subnets route-map TEST

On R4

R4(config)#router ospf 1
R4(config-router)#NO area 2 stub no-summary
R4(config-router)#area 2 nssa default-information-originate

Note when the "area stub no-summary" command is configured and must be
removed, the "no area 2 stub no-summary" command will only remove the "no-summary"
part of the command. You must remember to enter the "no area 2 stub"
command again to remove the entire command.

R4(config-router)#NO area 2 stub
R4(config-router)#area 2 nssa default-information-originate

Note the default-information-originate command at the end of area 2 nssa will inject
a default route into the area.



Task 6

Area 1 should be changed such that it receives and propagates LSA types 1, 2, 7 plus a
default route. This area should NOT maintain Inter-area routes, but must have the ability
to connect to these routes.














On R2

R2(config)#router ospf 1
R2(config-router)#area 1 nssa no-summary

The "no-summary" keyword filters the summary LSAs, which are the LSA type 3s.






Task 7

The default route that was injected into area 1 should have a cost of 50.

On R2

R2(config)#router ospf 1
R2(config-router)#area 1 default-cost 50

By default, the cost of the default route injected into a given area is 1; this can be
verified by the "Show ip route" command. Remember, when looking at the output of the
"Show ip route" command, the cost of the default route should be 65; this is the cost
of the link to the ABR (the frame-relay link) plus 1 (the default cost of the default
route).
The default cost of the injected default route can be changed using the "Area xx
default-cost cc" command, where cc is the new cost replacing the default value.
Note the new cost of the default route after configuring this task should be 114 (64 +
50).




Task 8

Erase the startup config and reload the routers before proceeding to the next lab.



Lab 8 - OSPF Filtering

(Topology diagram; label: Area 1)

Lab Set up:

• Configure all frame-relay connections in a point-to-point manner.

• Configure the serial interface connecting R1 to R3 as HDLC.

• Use the IP addressing scheme below for IP addressing assignment.






IP Addressing scheme:

Routers   Interface / IP Address        Connecting to:

R1        S0/0.12 - 10.1.12.1 /24       R2
          S0/1    - 10.1.13.1 /24       R3

R2        S0/0.21 - 10.1.12.2 /24       R1
          S0/0.23 - 10.1.23.2 /24       R3

R3        S0/0.32 - 10.1.23.3 /24       R2
          S0/0.34 - 10.1.34.3 /24       R4
          S0/1    - 10.1.13.3 /24       R1

R4        S0/0.43 - 10.1.34.4 /24       R3
          S0/0.45 - 10.1.45.4 /24       R5

R5        S0/0.54 - 10.1.45.5 /24       R4



Task 1

Configure R1's Frame-relay interface to R2, R1's HDLC connection to R3, R2's
Frame-relay connection to R1 and R3, R3's Frame-relay connection to R2 and R3's HDLC
connection to R1 in Area 1. Configure the bandwidth of S0/1 interface on R1 and R3 to
128K using the "bandwidth" command.



On R1

R1(config)#Int S0/1
R1(config-if)#Bandwidth 128

R1(config)#router ospf 1
R1(config-router)#netw 10.1.12.1 0.0.0.0 area 1
R1(config-router)#netw 10.1.13.1 0.0.0.0 area 1


On R2 






R2(config)#router ospf 1
R2(config-router)#netw 10.1.12.2 0.0.0.0 area 1
R2(config-router)#netw 10.1.23.2 0.0.0.0 area 1


On R3 






R3(config)#Int S0/1
R3(config-if)#Bandwidth 128

R3(config)#router ospf 1
R3(config-router)#netw 10.1.13.3 0.0.0.0 area 1
R3(config-router)#netw 10.1.23.3 0.0.0.0 area 1

To verify the configuration: 

On R1

R1#Show ip route ospf

     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.23.0 [110/128] via 10.1.12.2, 00:00:44, Serial0/0.12






Task 2 

Configure R3's Frame-relay connection to R4 and R4's Frame-relay connection to R3 in
Area 0.






On R3 

R3(config)#router ospf 1
R3(config-router)#netw 10.1.34.3 0.0.0.0 area 0

On R4

R4(config)#router ospf 1
R4(config-router)#netw 10.1.34.4 0.0.0.0 area 0

To verify the configuration:

On R4

R4#Show ip route ospf

     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.1.13.0 [110/845] via 10.1.34.3, 00:00:35, Serial0/0.43
O IA    10.1.12.0 [110/192] via 10.1.34.3, 00:00:35, Serial0/0.43
O IA    10.1.23.0 [110/128] via 10.1.34.3, 00:00:35, Serial0/0.43









Task 3 

Configure R4's Frame-relay connection to R5 and R5's Frame-relay connection to R4 in
Area 2.






On R4 

R4(config)#router ospf 1
R4(config-router)#netw 10.1.45.4 0.0.0.0 area 2

On R5

R5(config)#router ospf 1
R5(config-router)#netw 10.1.45.5 0.0.0.0 area 2

To verify the configuration: 




On R5 

R5#Show ip route ospf

     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.1.13.0 [110/909] via 10.1.45.4, 00:00:37, Serial0/0.54
O IA    10.1.12.0 [110/256] via 10.1.45.4, 00:00:37, Serial0/0.54
O IA    10.1.23.0 [110/192] via 10.1.45.4, 00:00:37, Serial0/0.54
O IA    10.1.34.0 [110/128] via 10.1.45.4, 00:00:37, Serial0/0.54




Task 4 

Create the following loopback interfaces on R1 and advertise them in Area 1.
Loopback 0 - 1.1.1.1 /24
Loopback 1 - 11.1.1.1 /24
Loopback 2 - 100.1.1.1 /24
Loopback 3 - 111.1.1.1 /24






On R1

R1(config)#int lo0
R1(config-if)#ip addr 1.1.1.1 255.255.255.0
R1(config-if)#int lo1
R1(config-if)#ip addr 11.1.1.1 255.255.255.0
R1(config-if)#int lo2
R1(config-if)#ip addr 100.1.1.1 255.255.255.0
R1(config-if)#int lo3
R1(config-if)#ip addr 111.1.1.1 255.255.255.0

R1(config)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 1
R1(config-router)#netw 11.1.1.1 0.0.0.0 area 1
R1(config-router)#netw 100.1.1.1 0.0.0.0 area 1
R1(config-router)#netw 111.1.1.1 0.0.0.0 area 1

To test the configuration:

On R5

R5#Show ip route ospf | inc IA

O IA    1.1.1.1 [110/257] via 10.1.45.4, 00:02:52, Serial0/0.54
O IA    100.1.1.1 [110/257] via 10.1.45.4, 00:02:31, Serial0/0.54
O IA    111.1.1.1 [110/257] via 10.1.45.4, 00:02:31, Serial0/0.54
O IA    10.1.13.0 [110/909] via 10.1.45.4, 00:09:36, Serial0/0.54
O IA    10.1.12.0 [110/256] via 10.1.45.4, 00:09:36, Serial0/0.54
O IA    10.1.23.0 [110/192] via 10.1.45.4, 00:09:36, Serial0/0.54
O IA    10.1.34.0 [110/128] via 10.1.45.4, 00:09:36, Serial0/0.54
O IA    11.1.1.1 [110/257] via 10.1.45.4, 00:02:42, Serial0/0.54



Task 5 

Configure the router-id of the routers based on the following: 

R1 - 1.1.1.1
R2 - 2.2.2.2
R3 - 3.3.3.3
R4 - 4.4.4.4
R5 - 5.5.5.5

On R1

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1

R1#Clear ip ospf proc
Reset ALL OSPF processes? [no]: Y

On R2

R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2

R2#Clear ip ospf proc
Reset ALL OSPF processes? [no]: Y

On R3

R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3

R3#Clear ip ospf proc
Reset ALL OSPF processes? [no]: Y

On R4

R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4

R4#Clear ip ospf proc
Reset ALL OSPF processes? [no]: Y

On R5

R5(config)#router ospf 1
R5(config-router)#router-id 5.5.5.5

R5#Clear ip ospf proc
Reset ALL OSPF processes? [no]: Y



Task 6 

Configure R2 to filter network 1.1.1.0 /24 from its routing table.

On R2

R2#Show ip route 1.1.1.0 255.255.255.0
% Subnet not in table

Note this network is not in the routing table of R2, because the loopback
interfaces are NOT advertised with their correct mask. To fix this problem,
we should advertise all the loopback interfaces from the previous task with
their correct mask. Sometimes this can be a problem where an unbelievable
amount of time is spent looking for a prefix that does not exist.

On R1

R1(config)#int lo0
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo1
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo2
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo3
R1(config-if)#ip ospf network point-to-point

On R2 

R2#Show ip route 1.1.1.0 255.255.255.0

Routing entry for 1.1.1.0/24
  Known via "ospf 1", distance 110, metric 65, type intra area
  Last update from 10.1.12.1 on Serial0/0.21, 00:02:15 ago
  Routing Descriptor Blocks:
  * 10.1.12.1, from 1.1.1.1, 00:02:15 ago, via Serial0/0.21
      Route metric is 65, traffic share count is 1

The following solution only affects the router that it's configured on, unless the
filtering is done on the ABR from area 0 into other areas, in which case it will
affect all routers downstream to that Area 0.

On R2 

R2(config)#Access-list 1 deny 1.1.1.0 0.0.0.255
R2(config)#Access-list 1 permit any

R2(config)#router ospf 1
R2(config-router)#distribute-list 1 in

To verify the configuration:

On R2 

R2#Show ip route ospf

     100.0.0.0/24 is subnetted, 1 subnets
O       100.1.1.0 [110/65] via 10.1.12.1, 00:00:30, Serial0/0.21
     111.0.0.0/24 is subnetted, 1 subnets
O       111.1.1.0 [110/65] via 10.1.12.1, 00:00:30, Serial0/0.21
     10.0.0.0/24 is subnetted, 5 subnets
O       10.1.13.0 [110/845] via 10.1.23.3, 00:00:30, Serial0/0.23
                  [110/845] via 10.1.12.1, 00:00:30, Serial0/0.21
O IA    10.1.45.0 [110/192] via 10.1.23.3, 00:00:30, Serial0/0.23
O IA    10.1.34.0 [110/128] via 10.1.23.3, 00:00:30, Serial0/0.23
     11.0.0.0/24 is subnetted, 1 subnets
O       11.1.1.0 [110/65] via 10.1.12.1, 00:00:30, Serial0/0.21

Note the "distribute-list in" sub-router configuration mode command can be
used when filtering any type of LSA on a given router ONLY, this command
ONLY filters the prefix from the local router's routing table and NOT the
database. The output of the following "Show" command reveals that R3 is
learning network 1.1.1.0/24 through R2, even though this prefix is NOT in
R2's routing table.

On R3 

R3#Show ip route ospf

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/129] via 10.1.23.2, 00:03:11, Serial0/0.32
     100.0.0.0/24 is subnetted, 1 subnets
O       100.1.1.0 [110/129] via 10.1.23.2, 00:03:11, Serial0/0.32
     111.0.0.0/24 is subnetted, 1 subnets
O       111.1.1.0 [110/129] via 10.1.23.2, 00:03:11, Serial0/0.32
     10.0.0.0/24 is subnetted, 5 subnets
O       10.1.12.0 [110/128] via 10.1.23.2, 00:03:11, Serial0/0.32
O IA    10.1.45.0 [110/128] via 10.1.34.4, 00:03:11, Serial0/0.34
     11.0.0.0/24 is subnetted, 1 subnets
O       11.1.1.0 [110/129] via 10.1.23.2, 00:03:11, Serial0/0.32

Note R3 sees network 1.1.1.0/24 through R2; this is because the bandwidth of
the S0/1 interface connecting R3 to R1 is 128Kbps.

Therefore, prefix 1.1.1.0 /24 is ONLY filtered from the routing table of R2 and
NOT the database. The output of the following command reveals that this
prefix is still in the database of R2:

On R2 

R2#Show ip ospf database router 1.1.1.1 | inc Network/subnet

 (Link ID) Network/subnet number: 111.1.1.0
 (Link ID) Network/subnet number: 100.1.1.0
 (Link ID) Network/subnet number: 11.1.1.0
 (Link ID) Network/subnet number: 1.1.1.0
 (Link ID) Network/subnet number: 10.1.13.0
 (Link ID) Network/subnet number: 10.1.12.0

Note configuring a "distribute-list out" on R1 will NOT work at all, no other
OSPF filtering solution will work except the one used in this task.
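
The metrics in the outputs of this lab follow from interface cost, which is why R3 reaches 1.1.1.0/24 through R2 (129) rather than over its direct 128 Kbps link to R1. The sketch below is an added example, not part of the workbook, that recomputes them with Dijkstra; the function names are hypothetical. It assumes the IOS default reference bandwidth of 100 Mbps and 1544 kbps on the frame-relay subinterfaces, and it ignores area boundaries, which does not change the totals in this topology.

```python
import heapq

REFERENCE_BW_KBPS = 100_000  # IOS default OSPF reference bandwidth (100 Mbps)


def ospf_cost(bandwidth_kbps):
    """Interface cost: reference bandwidth / interface bandwidth, truncated, minimum 1."""
    return max(1, REFERENCE_BW_KBPS // bandwidth_kbps)


def build_lab(s0_1_kbps=128):
    """Links and stub prefixes of this lab.

    Assumption: the frame-relay subinterfaces keep the 1544 kbps serial
    default (cost 64); S0/1 between R1 and R3 uses the configured bandwidth.
    """
    fr = ospf_cost(1544)
    links = [  # (router, router, subnet, cost)
        ("R1", "R2", "10.1.12.0/24", fr),
        ("R1", "R3", "10.1.13.0/24", ospf_cost(s0_1_kbps)),
        ("R2", "R3", "10.1.23.0/24", fr),
        ("R3", "R4", "10.1.34.0/24", fr),
        ("R4", "R5", "10.1.45.0/24", fr),
    ]
    loopback = ospf_cost(8_000_000)  # loopback interfaces end up with cost 1
    stubs = [("R1", prefix, loopback) for prefix in
             ("1.1.1.0/24", "11.1.1.0/24", "100.1.1.0/24", "111.1.1.0/24")]
    return links, stubs


def shortest_paths(source, links):
    """Dijkstra. Returns {router: (distance, frozenset of first-hop neighbours)}."""
    adj = {}
    for a, b, _subnet, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best = {source: (0, frozenset())}
    heap = [(0, source)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale heap entry
        for nbr, cost in adj[node]:
            new = dist + cost
            hops = frozenset([nbr]) if node == source else best[node][1]
            if nbr not in best or new < best[nbr][0]:
                best[nbr] = (new, hops)
                heapq.heappush(heap, (new, nbr))
            elif new == best[nbr][0]:
                best[nbr] = (new, best[nbr][1] | hops)  # equal-cost path
    return best


def route(source, prefix, s0_1_kbps=128):
    """Return (metric, sorted next-hop routers) for prefix as seen from source,
    or None when the prefix is directly connected to source."""
    links, stubs = build_lab(s0_1_kbps)
    attached = [(a, c) for a, _b, s, c in links if s == prefix]
    attached += [(b, c) for _a, b, s, c in links if s == prefix]
    attached += [(r, c) for r, s, c in stubs if s == prefix]
    if any(router == source for router, _ in attached):
        return None
    paths = shortest_paths(source, links)
    best_metric, hops = None, frozenset()
    for router, cost in attached:
        dist, first = paths[router]
        metric = dist + cost
        if best_metric is None or metric < best_metric:
            best_metric, hops = metric, first
        elif metric == best_metric:
            hops = hops | first
    return best_metric, sorted(hops)


if __name__ == "__main__":
    print("R3 -> 1.1.1.0/24 with bandwidth 128:", route("R3", "1.1.1.0/24"))
    print("R3 -> 1.1.1.0/24 with default 1544: ", route("R3", "1.1.1.0/24", 1544))
    print("R2 -> 10.1.13.0/24 (two equal paths):", route("R2", "10.1.13.0/24"))
    print("R5 -> 10.1.13.0/24:", route("R5", "10.1.13.0/24"))
```

Because the path is chosen on cost alone, filtering 1.1.1.0/24 out of R2's routing table does not stop R3 from using R2 as its next hop for that prefix.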



Task 7

Configure filtering on the appropriate router/s such that the existing and future routers in
area 2 do NOT receive network 11.1.1.0 /24 in their routing table or their database.

The following method ONLY works for filtering LSA type 3s, and LSA type 3s
ONLY. The first step is to configure a prefix-list to deny the route:

On R4

R4(config)#ip prefix-list TST seq 5 deny 11.1.1.0/24
R4(config)#ip prefix-list TST seq 10 permit 0.0.0.0/0 LE 32

Once the prefix-list is configured, it can be applied to the area that it must be
filtered from, in this case area 2. This command must be configured on an ABR. In
the following configuration, the prefix-list filters network 11.1.1.0 /24 from getting
IN area 2.

R4(config)#router ospf 1
R4(config-router)#area 2 filter-list prefix TST in

To verify the configuration:

On R5

R5#sh ip route ospf | inc IA

O IA    1.1.1.0 [110/257] via 10.1.45.4, 00:32:51, Serial0/0.54
O IA    100.1.1.0 [110/257] via 10.1.45.4, 00:32:51, Serial0/0.54
O IA    111.1.1.0 [110/257] via 10.1.45.4, 00:32:51, Serial0/0.54
O IA    10.1.13.0 [110/909] via 10.1.45.4, 00:44:42, Serial0/0.54
O IA    10.1.12.0 [110/256] via 10.1.45.4, 00:33:01, Serial0/0.54
O IA    10.1.23.0 [110/192] via 10.1.45.4, 00:44:42, Serial0/0.54
O IA    10.1.34.0 [110/128] via 10.1.45.4, 00:44:42, Serial0/0.54

Note the above "Show" command reveals that R5 does NOT have the route in its
routing table, and the following command verifies that R5 does NOT have the prefix
in its database.

R5#Show ip ospf database summary 11.1.1.0

            OSPF Router with ID (5.5.5.5) (Process ID 1)

On R4 

R4#Show ip route ospf | inc O IA

O IA    1.1.1.0 [110/193] via 10.1.34.3, 00:13:32, Serial0/0.43
O IA    100.1.1.0 [110/193] via 10.1.34.3, 00:13:32, Serial0/0.43
O IA    111.1.1.0 [110/193] via 10.1.34.3, 00:13:32, Serial0/0.43
O IA    10.1.13.0 [110/845] via 10.1.34.3, 00:13:32, Serial0/0.43
O IA    10.1.12.0 [110/192] via 10.1.34.3, 00:13:32, Serial0/0.43
O IA    10.1.23.0 [110/128] via 10.1.34.3, 00:13:32, Serial0/0.43
O IA    11.1.1.0 [110/193] via 10.1.34.3, 00:13:32, Serial0/0.43

Note even though the output of the above "Show" command reveals that network
11.1.1.0 /24 is in R4's routing table, the output of the following "Show" command
clearly shows that it's in the database of area 0 and NOT in the database that
belongs to area 2.

R4#Show ip ospf database summary 11.1.1.0

            OSPF Router with ID (4.4.4.4) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 267
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 11.1.1.0 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x950C
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 129
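
The prefix-list TST applied with "area 2 filter-list prefix TST in" is evaluated in sequence order with an implicit deny at the end, which is why the "permit 0.0.0.0/0 LE 32" entry is needed. The sketch below is an added example, not part of the workbook, that models this matching; the function names are hypothetical and the candidate list is constructed from the prefixes seen in this lab.

```python
import ipaddress
import re

ENTRY_RE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?$",
    re.IGNORECASE,
)


def parse_prefix_list(config_lines):
    """Return entries ordered by sequence number: (seq, action, network, low, high)."""
    entries = []
    for line in config_lines:
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        _name, seq, action, prefix, ge, le = match.groups()
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            low = high = net.prefixlen          # exact-length match only
        else:
            low = int(ge) if ge else net.prefixlen
            high = int(le) if le else 32
        entries.append((int(seq), action.lower(), net, low, high))
    return sorted(entries, key=lambda entry: entry[0])


def evaluate(entries, prefix):
    """First matching entry wins; no match at all is the implicit deny."""
    candidate = ipaddress.ip_network(prefix)
    for seq, action, net, low, high in entries:
        if candidate.subnet_of(net) and low <= candidate.prefixlen <= high:
            return action, seq
    return "deny", None


def summaries_allowed(config_lines, candidates):
    """Prefixes that would still be sent as type 3 LSAs after the filter-list."""
    entries = parse_prefix_list(config_lines)
    return [p for p in candidates if evaluate(entries, p)[0] == "permit"]


# The two entries configured on R4 in this task.
TST = [
    "ip prefix-list TST seq 5 deny 11.1.1.0/24",
    "ip prefix-list TST seq 10 permit 0.0.0.0/0 LE 32",
]

# Constructed sample: prefixes the ABR could summarise into area 2.
CANDIDATES = [
    "1.1.1.0/24", "11.1.1.0/24", "100.1.1.0/24", "111.1.1.0/24",
    "10.1.12.0/24", "10.1.13.0/24", "10.1.23.0/24", "10.1.34.0/24",
]

if __name__ == "__main__":
    print("as configured:      ", summaries_allowed(TST, CANDIDATES))
    # Failure mode 1: forgetting seq 10 leaves only the implicit deny.
    print("without seq 10:     ", summaries_allowed(TST[:1], CANDIDATES))
    # Failure mode 2: "permit 0.0.0.0/0" without LE 32 matches only a default route.
    no_le = [TST[0], "ip prefix-list TST seq 10 permit 0.0.0.0/0"]
    print("seq 10 without LE 32:", summaries_allowed(no_le, CANDIDATES))
    # A more specific prefix is not caught by the exact-length deny in seq 5.
    print("11.1.1.0/25 ->", evaluate(parse_prefix_list(TST), "11.1.1.0/25"))
```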






Task 8

Configure the appropriate router/s such that the routers in area 0 do not see network
11.1.1.0 /24 in their routing table or Link state database. You should use the same
solution as the one in the previous task, but it should be implemented in the OUT bound
direction.






The following method is used for filtering LSA type 3s, and LSA type 3s ONLY.
Once again a prefix-list is configured to deny network 11.1.1.0 /24 on the ABR, but
in the following case the "area filter-list" command is filtering network 11.1.1.0 /24
as it's advertised OUT of area 1.

On R3

R3(config)#ip prefix-list TST seq 5 deny 11.1.1.0/24
R3(config)#ip prefix-list TST seq 10 permit 0.0.0.0/0 LE 32

R3(config)#router ospf 1
R3(config-router)#area 1 filter-list prefix TST out

To verify the configuration:

Note the output of the following commands show that prefix 11.1.1.0/24 is no longer 
in the routing table of R4 or R5. 

On R4 

R4#Show ip route 11.1.1.0 255.255.255.0
% Network not in table

On R5

R5#Show ip route 11.1.1.0 255.255.255.0
% Network not in table

Note the prefix is still in the routing table of R3, where the filtering is performed,
but the prefix is in the routing table of this router as a route from area 1 (LSA type
1) and NOT a prefix from area 0 (From area 0's perspective this prefix is LSA type
3).

On R3 

R3#Show ip route ospf

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/129] via 10.1.23.2, 00:04:00, Serial0/0.32
     100.0.0.0/24 is subnetted, 1 subnets
O       100.1.1.0 [110/129] via 10.1.23.2, 00:04:00, Serial0/0.32
     111.0.0.0/24 is subnetted, 1 subnets
O       111.1.1.0 [110/129] via 10.1.23.2, 00:04:00, Serial0/0.32
     10.0.0.0/24 is subnetted, 5 subnets
O       10.1.12.0 [110/128] via 10.1.23.2, 00:04:00, Serial0/0.32
O IA    10.1.45.0 [110/128] via 10.1.34.4, 00:04:00, Serial0/0.34
     11.0.0.0/24 is subnetted, 1 subnets
O       11.1.1.0 [110/129] via 10.1.23.2, 00:04:00, Serial0/0.32

Note this is an intra-area route.
To prove this further:

On R3 

R3#Sh ip ospf database summary 11.1.1.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)

Note the output of the above "Show" command reveals that network 11.1.1.0/24 is
NOT in area 0, because if it was in area 0, it would have been in the Link State
database of this router as a summary LSA or LSA type 3, whereas the following
"Show" command reveals that the prefix is in area 1 as a router LSA or LSA type 1.

R3#Show ip ospf database router | inc Area 1 11.1.1.0

 (Link ID) Network/subnet number: 11.1.1.0



Task 9 

Configure the appropriate router/s such that the routers in area 0 or area 2 do not see
network 111.1.1.0 /24. Use the minimum number of commands to accomplish this task.

Note the output of the following "Show" command verifies that network 111.1.1.0
/24 is in the database of R3 that belongs to Area 1, and it shows up as a router LSA
or LSA type 1:

On R3

R3#Show ip ospf database router | inc Area 1 111.1.1.0

 (Link ID) Network/subnet number: 111.1.1.0

The output of the following "Show" command reveals that prefix 111.1.1.0/24 is in
the database of R3 as a summary LSA or LSA type 3:

R3#Show ip ospf database summary 111.1.1.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)

                Summary Net Link States (Area 0)

  LS age: 294
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 111.1.1.0 (summary Network Number)
  Advertising Router: 3.3.3.3
  LS Seq Number: 8000000A
  Checksum: 0x6CC8
  Length: 28
  Network Mask: /24
        TOS: 0  Metric: 129

The following command reveals that prefix 111.1.1.0 /24 is in the routing table of R3
as an intra-area route.

Remember that intra-area routes take precedence over inter-area routes;
therefore, this prefix shows up as an "O" route in the routing table.

R3#Show ip route ospf | inc 111.1.1.0

O       111.1.1.0 [110/129] via 10.1.23.2, 00:47:21, Serial0/0.32

The following OSPF filtering mechanism works ONLY on LSA type 1s. It filters
LSA type 1s from being injected into a given area, this command ONLY works if
it's configured on an ABR and it is used for filtering LSA type 1s, and LSA type 1s
ONLY.

On R3

R3(config)#router ospf 1
R3(config-router)#area 1 range 111.1.1.0 255.255.255.0 not-advertise

Note the prefix is still in the routing table of R3 where the filtering is performed, but
once again it shows up in the routing table as LSA type 1:

R3#Show ip route ospf | inc 111.1.1.0

O       111.1.1.0 [110/129] via 10.1.23.2, 00:00:34, Serial0/0.32

Note the prefix is no longer in the database of R3 as LSA type 3, which means that
the routers in area 0 or any other area downstream to area 0 will not have this
prefix in their routing table or link state database.

R3#Show ip ospf database summary 111.1.1.0

            OSPF Router with ID (3.3.3.3) (Process ID 1)

R3#Show ip ospf database router | inc Area 1 111.1.1.0

 (Link ID) Network/subnet number: 111.1.1.0



Task 10 

Configure the appropriate router/s such that none of the routers except R1 see network
100.1.1.0 /24 in their routing table; DO NOT stop advertising this network to accomplish
this task. You should NOT use the solution that was used in tasks 7, 8 or 9 to accomplish
this task.



On R2 



You should always display the existing access-lists and distribute-lists before
configuring one. You do not want to override an existing access-list/distribute-list a few
minutes before the end of your lab exam.

R2#Show access-list

Standard IP access list 1
    10 deny   1.1.1.0, wildcard bits 0.0.0.255 (19 matches)
    20 permit any (144 matches)

R2#Sh run | S router ospf 1

router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 10.1.12.2 0.0.0.0 area 1
 network 10.1.23.2 0.0.0.0 area 1
 distribute-list 1 in

Note the above "Show" command verifies that there is already a distribute-list
configured in the sub-router configuration mode, therefore, we should try to modify
the existing access-list that is applied by the existing distribute-list.

R2(config)#NO access-list 1

R2(config)#access-list 1 deny 1.1.1.0 0.0.0.255
R2(config)#access-list 1 deny 100.1.1.0 0.0.0.255
R2(config)#access-list 1 permit any

To verify the configuration:

On R2

R2(config-router)#do show ip route 100.1.1.0
% Network not in table

On R3 

R3#Show access-list

R3#

R3#Show ip route | inc 100.1.1.0

O       100.1.1.0 [110/129] via 10.1.23.2, 00:16:48, Serial0/0.32

R3(config)#access-list 1 deny 100.1.1.0 0.0.0.255
R3(config)#access-list 1 permit any

R3(config)#Router ospf 1
R3(config-router)#distribute-list 1 in

R3#Show ip route ospf | inc 100.1.1.0

R3#

On R4

R4#Show access-list

R4#

R4#Show ip route ospf | inc 100.1.1.0

O IA    100.1.1.0 [110/193] via 10.1.34.3, 05:10:53, Serial0/0.43

R4(config)#access-list 1 deny 100.1.1.0 0.0.0.255
R4(config)#access-list 1 permit any

R4(config)#router ospf 1
R4(config-router)#distribute-list 1 in

R4#Show ip route ospf | inc 100.1.1.0
R4#

On R5

R5#show ip route 100.1.1.0 255.255.255.0

% Network not in table

R5#Show ip ospf da summ 100.1.1.0

            OSPF Router with ID (5.5.5.5) (Process ID 1)



Note using the "distribute-list in" sub-router configuration command ONLY affects
the router that it's configured on, and the ONLY exception is if the prefix that is
being filtered is coming from area 0, meaning it's being filtered from area 0 into
another area, in which case it will filter the route from the database and as a result of
that the routers in the non-zero area will NOT have the route in their database or
routing table.

Whereas, if it's being filtered from a non-zero area into area 0, it will ONLY affect
the router that it's configured on.






Task 11

Configure the following Loopback interfaces on R5 and redistribute these Loopback
interfaces in OSPF routing domain using the default cost.

Loopback 0 - 5.5.5.5 /24
Loopback 1 - 50.5.5.5 /24
Loopback 2 - 55.5.5.5 /24






On R5

R5(config)#int lo0
R5(config-if)#ip addr 5.5.5.5 255.255.255.0
R5(config-if)#int lo1
R5(config-if)#ip addr 50.5.5.5 255.255.255.0
R5(config-if)#int lo2
R5(config-if)#ip addr 55.5.5.5 255.255.255.0

R5(config)#route-map TST permit 10
R5(config-route-map)#match interface lo0 lo1 lo2

R5(config)#router ospf 1
R5(config-router)#redistribute connected subnets route-map TST

To verify the configuration:

On R4

R4#Show ip route ospf | Inc E2

O E2    50.5.5.0 [110/20] via 10.1.45.5, 00:01:05, Serial0/0.45
O E2    55.5.5.0 [110/20] via 10.1.45.5, 00:01:05, Serial0/0.45
O E2    5.5.5.0 [110/20] via 10.1.45.5, 00:01:05, Serial0/0.45



Task 12 

Configure the appropriate router such that none of the routers except R5 can see network
5.5.5.0 /24 in their routing table.



On R5 

R5(config)#access-list 1 deny 5.5.5.0
R5(config)#access-list 1 permit any

R5(config)#router ospf 1
R5(config-router)#distribute-list 1 out

To verify the configuration:

On R4

R4#Show ip route ospf | Inc E2

O E2    50.5.5.0 [110/20] via 10.1.45.5, 00:06:00, Serial0/0.45
O E2    55.5.5.0 [110/20] via 10.1.45.5, 00:06:00, Serial0/0.45

On R1

R1#sh ip route ospf | Inc E2

O E2    50.5.5.0 [110/20] via 10.1.12.2, 00:07:08, Serial0/0.12
O E2    55.5.5.0 [110/20] via 10.1.12.2, 00:07:08, Serial0/0.12

Note this is the ONLY scenario where the "distribute-list OUT" command works in
OSPF. This command MUST be configured on the ASBR or else it will not have any
effect whatsoever. This command filters LSA type 5s or 7s, in this case the specific
LSA type 5 is filtered from R5's OSPF database and as a result of that, none of the
other OSPF routers will see the route in their routing table or database.



R5#Show ip ospf database external

            OSPF Router with ID (5.5.5.5) (Process ID 1)

                Type-5 AS External Link States

  LS age: 664
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 50.5.5.0 (External Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000001
  Checksum: 0x51FE
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0

  LS age: 664
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 55.5.5.0 (External Network Number)
  Advertising Router: 5.5.5.5
  LS Seq Number: 80000001
  Checksum: 0x103B
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0



Task 13

Configure the appropriate router such that none of the routers except R5 can see network
50.5.5.0 /24 in their routing table or database. You should NOT use the solution that was
implemented in the previous task.



The following command is used to filter LSA type 5s or 7s, this command must be 
configured on an ASBR, and when configured, it filters the specified prefix from the 
OSPF Link state database of the ASBR. 

On R5

R5(config)#router ospf 1
R5(config-router)#summary-address 50.5.5.0 255.255.255.0 not-advertise

Note network 50.5.5.0 /24 is NOT in the link state database of R5.

R5#Sh ip ospf da external | Inc 50.5.5.0

R5#

To verify the configuration:

On R1

R1#Sh ip route ospf | Inc E2

O E2    55.5.5.0 [110/20] via 10.1.12.2, 00:21:25, Serial0/0.12

On R4

R4#Show ip route ospf | Inc E2

O E2    55.5.5.0 [110/20] via 10.1.45.5, 00:23:17, Serial0/0.45



Task 14 

Configure the appropriate router such that router R1 does NOT have network 55.5.5.0 /24
in its routing table.

Note R1 has the network in its routing table.

On R1

R1#Show ip route ospf | inc E2

O E2    55.5.5.0 [110/20] via 10.1.12.2, 00:30:59, Serial0/0.12

Note there are no access-lists configured on this router:

R1#Sh access-list
R1#

R1(config)#access-list 1 deny 55.5.5.0
R1(config)#access-list 1 permit any

R1(config)#router ospf 1
R1(config-router)#distribute-list 1 in

To verify the configuration:

On R1

R1#Show ip route ospf | inc E2

Note the above "Show" command verifies that prefix 55.5.5.0 /24 was filtered
successfully.



Task 15 

Remove all the filters applied in the previous tasks (6 - 10, 12 - 14). If this configuration
is performed successfully, all the routers should have every route advertised and
redistributed in this lab.



On R1

R1(config)#NO access-list 1

R1(config)#router ospf 1
R1(config-router)#NO distribute-list 1 in

On R2

R2(config)#NO access-list 1

R2(config)#router ospf 1
R2(config-router)#NO distribute-list 1 in

On R3

R3(config)#NO access-list 1

R3(config)#router ospf 1
R3(config-router)#NO distribute-list 1 in
R3(config-router)#NO area 1 range 111.1.1.0 255.255.255.0 not-advertise
R3(config-router)#NO area 1 filter-list prefix TST out

R3(config)#NO ip prefix-list TST

On R4

R4(config)#NO access-list 1

R4(config)#router ospf 1
R4(config-router)#NO area 2 filter-list prefix TST in
R4(config-router)#NO distribute-list 1 in

R4(config)#NO ip prefix-list TST

On R5

R5(config)#NO access-list 1

R5(config)#router ospf 1
R5(config-router)#NO summary-address 50.5.5.0 255.255.255.0 not-advertise
R5(config-router)#NO distribute-list 1 out



Task 16 

Configure the following loopback interfaces and advertise them in OSPF routing domain
based on the following chart. These loopback interfaces should be advertised with their
correct mask.

Routers   Interface / IP address        Area

R2        Loopback 0 - 2.2.2.2 /24      1

R3        Loopback 0 - 3.3.3.3 /24      1
          Loopback 1 - 30.3.3.3 /24     0

R4        Loopback 0 - 4.4.4.4 /24      2
          Loopback 1 - 40.4.4.4 /24     0





On R2 

R2(config)#int lo0
R2(config-if)#ip addr 2.2.2.2 255.255.255.0
R2(config-if)#ip ospf net point-to-point

R2(config-if)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 1

To verify the configuration:

On R1

R1#Show ip route ospf | Inc 2.2.2.0

O       2.2.2.0 [110/65] via 10.1.12.2, 00:01:50, Serial0/0.12

On R3

R3(config)#int lo0
R3(config-if)#ip addr 3.3.3.3 255.255.255.0
R3(config-if)#ip ospf net point-to-point
R3(config-if)#int lo1
R3(config-if)#ip addr 30.3.3.3 255.255.255.0
R3(config-if)#ip ospf net point-to-point

R3(config-if)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 1
R3(config-router)#netw 30.3.3.3 0.0.0.0 area 0

To verify the configuration: 

On R1

R1#Show ip route ospf | Inc O

O E2    50.5.5.0 [110/20] via 10.1.12.2, 00:01:32, Serial0/0.12
O       2.2.2.0 [110/65] via 10.1.12.2, 00:01:42, Serial0/0.12
O       3.3.3.0 [110/129] via 10.1.12.2, 00:01:42, Serial0/0.12
O E2    55.5.5.0 [110/20] via 10.1.12.2, 00:01:32, Serial0/0.12
O E2    5.5.5.0 [110/20] via 10.1.12.2, 00:01:32, Serial0/0.12
O       10.1.23.0 [110/128] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    10.1.45.0 [110/256] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    10.1.34.0 [110/192] via 10.1.12.2, 00:01:42, Serial0/0.12
O IA    30.3.3.0 [110/129] via 10.1.12.2, 00:01:32, Serial0/0.12

On R4

R4(config)#int lo0
R4(config-if)#ip addr 4.4.4.4 255.255.255.0
R4(config-if)#ip ospf net point-to-point
R4(config-if)#int lo1
R4(config-if)#ip addr 40.4.4.4 255.255.255.0
R4(config-if)#ip ospf net point-to-point

R4(config-if)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 2
R4(config-router)#netw 40.4.4.4 0.0.0.0 area 0

To verify the configuration:

On R1

R1#Show ip route ospf | Inc O

O E2    50.5.5.0 [110/20] via 10.1.12.2, 00:01:47, Serial0/0.12
O       2.2.2.0 [110/65] via 10.1.12.2, 00:06:42, Serial0/0.12
O       3.3.3.0 [110/129] via 10.1.12.2, 00:06:42, Serial0/0.12
O IA    4.4.4.0 [110/193] via 10.1.12.2, 00:02:03, Serial0/0.12
O E2    55.5.5.0 [110/20] via 10.1.12.2, 00:01:48, Serial0/0.12
O E2    5.5.5.0 [110/20] via 10.1.12.2, 00:01:48, Serial0/0.12
O IA    40.4.4.0 [110/193] via 10.1.12.2, 00:01:57, Serial0/0.12
O       10.1.23.0 [110/128] via 10.1.12.2, 00:06:42, Serial0/0.12
O IA    10.1.45.0 [110/256] via 10.1.12.2, 00:06:42, Serial0/0.12
O IA    10.1.34.0 [110/192] via 10.1.12.2, 00:06:42, Serial0/0.12
O IA    30.3.3.0 [110/129] via 10.1.12.2, 00:06:32, Serial0/0.12






Task 17

Configure the appropriate router/s such that the routers in area 2 do NOT see any of the
networks advertised by any of the routers in this topology, but routers R1, R2 and R3 and
R4 should see all the networks advertised by the existing and future router/s in area 2.

By default all outgoing LSAs are flooded to the interface. The command below prevents
flooding of ALL OSPF LSAs out of a given interface, in this case S0/0.45.

On R4

R4(config)#int S0/0.45

R4(config-subif)#ip ospf database-filter all out

For this filtering mechanism to work, the OSPF process must be cleared.

On R5

R5#clear ip ospf proc

Reset ALL OSPF processes? [no]: y

Note R4 and R5 are still maintaining their neighbor adjacency.

R5#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/  -        00:00:30    10.1.45.4       Serial0/0.54

Note R5 does NOT have any of the routes from the other routers; this includes R4,
which is in the same area.

R5#Show ip route | b Gateway

Gateway of last resort is not set

     50.0.0.0/24 is subnetted, 1 subnets
C       50.5.5.0 is directly connected, Loopback1
     55.0.0.0/24 is subnetted, 1 subnets
C       55.5.5.0 is directly connected, Loopback2
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.45.0 is directly connected, Serial0/0.54






Note R1 has all the routes including the ones advertised by R5.

On R1

R1#Sh ip route ospf

     50.0.0.0/24 is subnetted, 1 subnets
O E2    50.5.5.0 [110/20] via 10.1.12.2, 00:15:32, Serial0/0.12
     2.0.0.0/24 is subnetted, 1 subnets
O       2.2.2.0 [110/65] via 10.1.12.2, 00:28:46, Serial0/0.12
     3.0.0.0/24 is subnetted, 1 subnets
O       3.3.3.0 [110/129] via 10.1.12.2, 00:28:46, Serial0/0.12
     4.0.0.0/24 is subnetted, 1 subnets
O IA    4.4.4.0 [110/193] via 10.1.12.2, 00:28:45, Serial0/0.12
     55.0.0.0/24 is subnetted, 1 subnets
O E2    55.5.5.0 [110/20] via 10.1.12.2, 00:15:32, Serial0/0.12
     5.0.0.0/24 is subnetted, 1 subnets
O E2    5.5.5.0 [110/20] via 10.1.12.2, 00:15:32, Serial0/0.12
     40.0.0.0/24 is subnetted, 1 subnets
O IA    40.4.4.0 [110/193] via 10.1.12.2, 00:28:45, Serial0/0.12
     10.0.0.0/24 is subnetted, 5 subnets
O       10.1.23.0 [110/128] via 10.1.12.2, 00:28:46, Serial0/0.12
O IA    10.1.45.0 [110/256] via 10.1.12.2, 00:28:37, Serial0/0.12
O IA    10.1.34.0 [110/192] via 10.1.12.2, 00:28:46, Serial0/0.12
     30.0.0.0/24 is subnetted, 1 subnets
O IA    30.3.3.0 [110/129] via 10.1.12.2, 00:28:46, Serial0/0.12



Task 18

Configure the appropriate router/s such that the routers R1, R2 and R3 see all the routes
advertised and/or redistributed by the routers in this routing domain, whereas router R4
ONLY sees the routes advertised within its area, area 2.

The "neighbor database-filter all out" router configuration sub-command prevents
flooding of ALL OSPF LSAs to a given neighbor that is reachable through an
interface that has a point-to-multipoint network type at a given IP address, in this
case the neighbor with an IP address of 10.1.34.4.

On R3

R3(config)#router ospf 1

R3(config-router)#neighbor 10.1.34.4 database-filter all out

Note you should get the following error message, because the above "neighbor"
command ONLY works for a neighbor through an interface that has a Point-to-
Multipoint and/or NBMA OSPF network type.

%OSPF-4-CFG_NBR_INVAL_NET_TYPE: Can not use configured neighbor:
neighbor command is allowed only on NBMA and point-to-multipoint networks

R3(config-router)#int S0/0.34

R3(config-subif)#ip ospf network point-to-multipoint

The same network type should be configured on R4's S0/0.43 interface, as follows:

R4(config)#int S0/0.43

R4(config-subif)#ip ospf network point-to-multipoint

R3(config-subif)#router ospf 1
R3(config-router)#neighbor 10.1.34.4 database-filter all out

Once again the OSPF process needs to be cleared:

On R4

R4#clear ip ospf proc

Reset ALL OSPF processes? [no]: y

To verify the configuration:

On R4

R4#Show ip route ospf

     50.0.0.0/24 is subnetted, 1 subnets
O E2    50.5.5.0 [110/20] via 10.1.45.5, 00:12:46, Serial0/0.45
     55.0.0.0/24 is subnetted, 1 subnets
O E2    55.5.5.0 [110/20] via 10.1.45.5, 00:12:46, Serial0/0.45
     5.0.0.0/24 is subnetted, 1 subnets
O E2    5.5.5.0 [110/20] via 10.1.45.5, 00:12:46, Serial0/0.45

On R5

R5#Sh ip route | b Gateway

Gateway of last resort is not set

     50.0.0.0/24 is subnetted, 1 subnets
C       50.5.5.0 is directly connected, Loopback1
     55.0.0.0/24 is subnetted, 1 subnets
C       55.5.5.0 is directly connected, Loopback2
     5.0.0.0/24 is subnetted, 1 subnets
C       5.5.5.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.45.0 is directly connected, Serial0/0.54

Note R5 will NOT have any of the networks in its routing table because of the
configuration performed in task 16.



Task 19 

Erase the startup configuration of the routers and reload them before proceeding to the 
next lab. 






Lab 9 
Additional OSPF Filtering

[Figure: lab topology diagram. Legible labels: Area 1, F0/1, 10.2.2.0/24, 10.11.11.0/24.]




Lab Setup:

> Configure the F0/1 interface of R2, R3, R5 and R6 in VLAN 100.

> Configure the F0/0 interface of R1, R2, R3 and R4 in VLAN 200.

> Configure the F0/1 interface of R1 and BB1 in VLAN 300.

> Configure the IP addressing based on the above diagram.








Task 1

Configure the F0/1 interface of R1 and BB1 in OSPF area 0.

On both routers

(config)#Router ospf 1
(config-router)#netw 0.0.0.0 0.0.0.0 area 0

To verify the configuration:

On BB1

BB1#Ping 10.11.11.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.11.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

BB1#Sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          1   FULL/DR         00:00:38    10.11.11.1      FastEthernet0/1




Task 2

Configure R1, R2, R3 and R4's F0/0 interface in OSPF area 0.

On R2

R2(config)#router ospf 1
R2(config-router)#network 10.1.1.2 0.0.0.0 area 0

On R3

R3(config)#router ospf 1
R3(config-router)#network 10.1.1.3 0.0.0.0 area 0

On R4

R4(config)#router ospf 1
R4(config-router)#network 10.1.1.4 0.0.0.0 area 0

To verify the configuration:

On R1

R1#Show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.11.11.11       1   FULL/BDR        00:00:34    10.11.11.11     FastEthernet0/1
10.1.1.4          1   FULL/DROTHER    00:00:36    10.1.1.4        FastEthernet0/0
10.2.2.2          1   FULL/BDR        00:00:30    10.1.1.2        FastEthernet0/0
10.2.2.3          1   FULL/DROTHER    00:00:31    10.1.1.3        FastEthernet0/0






Task 3

Configure the F0/1 interface of R2, R3, R5 and R6 in Area 1.

On R2

R2(config)#router ospf 1
R2(config-router)#network 10.2.2.2 0.0.0.0 area 1

On R3

R3(config)#router ospf 1
R3(config-router)#network 10.2.2.3 0.0.0.0 area 1

On R5

R5(config)#router ospf 1
R5(config-router)#network 10.2.2.5 0.0.0.0 area 1

On R6

R6(config)#router ospf 1
R6(config-router)#network 10.2.2.6 0.0.0.0 area 1

To verify the configuration:

On R5

R5#Show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.2.2.6          1   FULL/BDR        00:00:39    10.2.2.6        FastEthernet0/1
10.2.2.2          1   FULL/DROTHER    00:00:33    10.2.2.2        FastEthernet0/1
10.2.2.3          1   FULL/DROTHER    00:00:33    10.2.2.3        FastEthernet0/1

On R6

R6#Show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.2.2.5          1   FULL/DR         00:00:38    10.2.2.5        FastEthernet0/1
10.2.2.2          1   FULL/DROTHER    00:00:34    10.2.2.2        FastEthernet0/1
10.2.2.3          1   FULL/DROTHER    00:00:35    10.2.2.3        FastEthernet0/1




Task 4

Configure two loopback interfaces on R5 using the following IP addresses:

Lo0 = 5.5.5.5 /8 and Lo1 = 55.5.5.5 /24

Lo1 interface should be advertised in OSPF area 1 with its correct mask.

Lo0 should be redistributed in OSPF as metric-type 1.

On R5

R5(config)#inter lo0
R5(config-if)#ip address 5.5.5.5 255.0.0.0

R5(config)#inter lo1
R5(config-if)#ip address 55.5.5.5 255.255.255.0
R5(config-if)#ip ospf network point-to-point

R5(config)#route-map TST permit 10
R5(config-route-map)#match interface lo0

R5(config)#router ospf 1
R5(config-router)#network 55.5.5.5 0.0.0.0 area 1
R5(config-router)#redistribute connected metric-type 1 subnets route-map TST






Task 5

Configure two loopback interfaces on R6 using the following IP addresses:

Lo0 = 6.6.6.6 /8 and Lo1 = 66.6.6.6 /24

Lo1 interface should be advertised in OSPF area 1 with its correct mask.

Lo0 should be redistributed in OSPF as metric-type 1.

On R6

R6(config)#inter lo0
R6(config-if)#ip address 6.6.6.6 255.0.0.0

R6(config)#inter lo1
R6(config-if)#ip address 66.6.6.6 255.255.255.0
R6(config-if)#ip ospf network point-to-point

R6(config)#route-map TST permit 10
R6(config-route-map)#match interface lo0

R6(config)#router ospf 1
R6(config-router)#network 66.6.6.6 0.0.0.0 area 1
R6(config-router)#redistribute connected metric-type 1 subnets route-map TST




Task 6

Configure two loopback interfaces on R4 using the following IP addresses:

Lo0 = 4.4.4.4 /8 and Lo1 = 44.4.4.4 /24

Lo0 interface should be advertised in OSPF area 1 with its correct mask.

Lo1 should be redistributed in OSPF as metric-type 2; this route should be tagged with 44
as it gets redistributed in OSPF routing domain.

On R4

R4(config)#interface Loopback0
R4(config-if)#ip address 4.4.4.4 255.0.0.0
R4(config-if)#ip ospf network point-to-point

R4(config)#interface Loopback1
R4(config-if)#ip address 44.4.4.4 255.255.255.0

R4(config)#route-map TST permit 10
R4(config-route-map)#match interface Loopback1
R4(config-route-map)#set tag 44

R4(config)#router ospf 1
R4(config-router)#redistribute connected subnets route-map TST
R4(config-router)#network 4.4.4.4 0.0.0.0 area 1
R4(config-router)#network 10.1.1.4 0.0.0.0 area 0

To verify the configuration:

On R1

R1#Sh ip route ospf

O IA 4.0.0.0/8 [110/2] via 10.1.1.4, 00:49:17, FastEthernet0/0
O IA 55.5.5.0/24 [110/3] via 10.1.1.3, 00:49:17, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:49:17, FastEthernet0/0
O E1 5.0.0.0/8 [110/22] via 10.1.1.3, 00:49:17, FastEthernet0/0
               [110/22] via 10.1.1.2, 00:49:17, FastEthernet0/0
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/3] via 10.1.1.3, 00:49:17, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:49:17, FastEthernet0/0
O E2 6.0.0.0/8 [110/20] via 10.1.1.3, 00:49:17, FastEthernet0/0
               [110/20] via 10.1.1.2, 00:49:17, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/2] via 10.1.1.3, 00:49:17, FastEthernet0/0
                 [110/2] via 10.1.1.2, 00:49:17, FastEthernet0/0
     44.0.0.0/24 is subnetted, 1 subnets
O E2    44.4.4.0 [110/20] via 10.1.1.4, 00:49:17, FastEthernet0/0

R1#Sh ip route 44.4.4.4

Routing entry for 44.4.4.0/24
  Known via "ospf 1", distance 110, metric 20
  Tag 44, type extern 2, forward metric 1
  Last update from 10.1.1.4 on FastEthernet0/0, 00:52:12 ago
  Routing Descriptor Blocks:
  * 10.1.1.4, from 10.1.1.4, 00:52:12 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1
      Route tag 44

On BB1

BB1#Sh ip route ospf

O IA 4.0.0.0/8 [110/3] via 10.11.11.1, 00:53:43, FastEthernet0/1
O IA 55.0.0.0/8 [110/4] via 10.11.11.1, 00:53:43, FastEthernet0/1
O E1 5.0.0.0/8 [110/23] via 10.11.11.1, 00:53:43, FastEthernet0/1
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/4] via 10.11.11.1, 00:53:43, FastEthernet0/1
O E2 6.0.0.0/8 [110/20] via 10.11.11.1, 00:53:43, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/3] via 10.11.11.1, 00:53:43, FastEthernet0/1
O       10.1.1.0 [110/2] via 10.11.11.1, 00:53:43, FastEthernet0/1
     44.0.0.0/24 is subnetted, 1 subnets
O E2    44.4.4.0 [110/20] via 10.11.11.1, 00:53:43, FastEthernet0/1






Task 7

Configure R1 to filter all networks that carry a tag of 44.

On R1

R1(config)#route-map Task-7 deny 10
R1(config-route-map)#match tag 44

R1(config)#route-map Task-7 permit 20

In the above configuration routes that carry a tag of 44 are matched and denied and
the routes that do NOT carry a tag of 44 are all permitted.

R1(config)#router ospf 1
R1(config-router)#distribute-list route-map Task-7 in

To verify the configuration:




On R1

R1#Show ip route ospf

O IA 4.0.0.0/8 [110/2] via 10.1.1.4, 00:02:12, FastEthernet0/0
O IA 55.5.5.0/24 [110/3] via 10.1.1.3, 00:02:12, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:02:12, FastEthernet0/0
O E1 5.0.0.0/8 [110/22] via 10.1.1.3, 00:02:12, FastEthernet0/0
               [110/22] via 10.1.1.2, 00:02:12, FastEthernet0/0
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/3] via 10.1.1.3, 00:02:12, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:02:12, FastEthernet0/0
O E2 6.0.0.0/8 [110/20] via 10.1.1.3, 00:02:12, FastEthernet0/0
               [110/20] via 10.1.1.2, 00:02:12, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/2] via 10.1.1.3, 00:02:12, FastEthernet0/0
                 [110/2] via 10.1.1.2, 00:02:12, FastEthernet0/0

Note network 44.4.4.0 /24 is blocked because it carried a tag of 44. It's very
important to note that this filtering is performed on R1 and the routes that carry a
tag of 44 are filtered from the routing table of R1 and NOT the database.

To verify the configuration:

On BB1

BB1#Sh ip route ospf

O IA 4.0.0.0/8 [110/3] via 10.11.11.1, 00:08:42, FastEthernet0/1
O IA 55.5.5.0/24 [110/4] via 10.11.11.1, 00:08:42, FastEthernet0/1
O E1 5.0.0.0/8 [110/23] via 10.11.11.1, 00:08:42, FastEthernet0/1
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/4] via 10.11.11.1, 00:08:42, FastEthernet0/1
O E2 6.0.0.0/8 [110/20] via 10.11.11.1, 00:08:42, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/3] via 10.11.11.1, 00:08:42, FastEthernet0/1
O       10.1.1.0 [110/2] via 10.11.11.1, 00:08:42, FastEthernet0/1
     44.0.0.0/24 is subnetted, 1 subnets
O E2    44.4.4.0 [110/20] via 10.11.11.1, 00:08:42, FastEthernet0/1

On R1

R1#Sh ip ospf da ex adv-router 10.1.1.4

            OSPF Router with ID (10.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 1036
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 44.4.4.0 (External Network Number )
  Advertising Router: 10.1.1.4
  LS Seq Number: 80000004
  Checksum: 0xE04C
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 44

Note the route is still in the database of R1.






Task 8

Remove the "distribute-list route-map Task-7 in" command from the previous task and
configure R1 to filter all OSPF external type 2 prefixes. You should NOT configure an
access-list to accomplish this task.

On R1

R1(config)#route-map Task-8 deny 10
R1(config-route-map)#match route-type external type-2

R1(config)#route-map Task-8 permit 20

R1(config)#router ospf 1
R1(config-router)#distribute-list route-map Task-8 in

To verify the configuration:

On R1

R1#Sh ip route ospf

O IA 4.0.0.0/8 [110/2] via 10.1.1.4, 00:00:09, FastEthernet0/0
O IA 55.5.5.0/24 [110/3] via 10.1.1.3, 00:00:09, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:00:09, FastEthernet0/0
O E1 5.0.0.0/8 [110/22] via 10.1.1.3, 00:00:09, FastEthernet0/0
               [110/22] via 10.1.1.2, 00:00:09, FastEthernet0/0
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/3] via 10.1.1.3, 00:00:09, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:00:09, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/2] via 10.1.1.3, 00:00:09, FastEthernet0/0
                 [110/2] via 10.1.1.2, 00:00:09, FastEthernet0/0

There is no need to remove the previous distribute-list command; when a new one is
entered, it overrides the previous distribute-list command.

Note the external type-2 (E2) routes are filtered from the routing table of R1, but
they are still in the database of this router and therefore, as a result of that, BB1 will
have the E2 routes in its routing table.

On BB1

BB1#Sh ip route ospf

O IA 4.0.0.0/8 [110/3] via 10.11.11.1, 00:21:51, FastEthernet0/1
O IA 55.5.5.0/24 [110/4] via 10.11.11.1, 00:21:51, FastEthernet0/1
O E1 5.0.0.0/8 [110/23] via 10.11.11.1, 00:21:51, FastEthernet0/1
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/4] via 10.11.11.1, 00:21:51, FastEthernet0/1
O E2 6.0.0.0/8 [110/20] via 10.11.11.1, 00:21:51, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/3] via 10.11.11.1, 00:21:51, FastEthernet0/1
O       10.1.1.0 [110/2] via 10.11.11.1, 00:21:51, FastEthernet0/1
     44.0.0.0/24 is subnetted, 1 subnets
O E2    44.4.4.0 [110/20] via 10.11.11.1, 00:21:51, FastEthernet0/1
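A scripted form of the Task 7 and Task 8 verification, added here as an example that is not part of the workbook: it parses "show ip route ospf" text and lists prefixes a filter policy says should not be installed. The two samples are retyped from the Task 8 output above (not a live capture), and the function names are hypothetical.

```python
import re

# Constructed samples: "show ip route ospf" on R1 and BB1 after Task 8,
# retyped from the lab output above (not a live capture).
R1_AFTER_TASK8 = """\
O IA 4.0.0.0/8 [110/2] via 10.1.1.4, 00:00:09, FastEthernet0/0
O IA 55.5.5.0/24 [110/3] via 10.1.1.3, 00:00:09, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:00:09, FastEthernet0/0
O E1 5.0.0.0/8 [110/22] via 10.1.1.3, 00:00:09, FastEthernet0/0
               [110/22] via 10.1.1.2, 00:00:09, FastEthernet0/0
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/3] via 10.1.1.3, 00:00:09, FastEthernet0/0
                 [110/3] via 10.1.1.2, 00:00:09, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/2] via 10.1.1.3, 00:00:09, FastEthernet0/0
                 [110/2] via 10.1.1.2, 00:00:09, FastEthernet0/0
"""
BB1_AFTER_TASK8 = """\
O IA 4.0.0.0/8 [110/3] via 10.11.11.1, 00:21:51, FastEthernet0/1
O IA 55.5.5.0/24 [110/4] via 10.11.11.1, 00:21:51, FastEthernet0/1
O E1 5.0.0.0/8 [110/23] via 10.11.11.1, 00:21:51, FastEthernet0/1
     66.0.0.0/24 is subnetted, 1 subnets
O IA    66.6.6.0 [110/4] via 10.11.11.1, 00:21:51, FastEthernet0/1
O E2 6.0.0.0/8 [110/20] via 10.11.11.1, 00:21:51, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.2.2.0 [110/3] via 10.11.11.1, 00:21:51, FastEthernet0/1
O       10.1.1.0 [110/2] via 10.11.11.1, 00:21:51, FastEthernet0/1
     44.0.0.0/24 is subnetted, 1 subnets
O E2    44.4.4.0 [110/20] via 10.11.11.1, 00:21:51, FastEthernet0/1
"""

# "x.x.x.x/len is subnetted" header: supplies the length for the subnets under it.
HEADER = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+/(\d+) is (?:variably )?subnetted")
# Route line: code O, optional sub-type, network, optional /len, [AD/metric], next hop.
ROUTE = re.compile(
    r"^O\*?\s*(IA|E1|E2|N1|N2)?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+"
    r"\[\d+/(\d+)\] via (\d+\.\d+\.\d+\.\d+)")
# Continuation line: an additional equal-cost next hop for the previous route.
NEXT_HOP = re.compile(r"^\s+\[\d+/\d+\] via (\d+\.\d+\.\d+\.\d+)")


def parse_ospf_routes(text):
    """Return {prefix: {"type", "metric", "next_hops"}} from 'show ip route ospf' text."""
    routes, mask, last = {}, None, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            mask = m.group(1)
            continue
        m = ROUTE.match(line)
        if m:
            code, net, plen, metric, hop = m.groups()
            if plen is None and mask is None:
                raise ValueError(f"no prefix length known for {net}")
            last = {"type": code or "intra", "metric": int(metric), "next_hops": [hop]}
            routes[f"{net}/{plen or mask}"] = last
            continue
        m = NEXT_HOP.match(line)
        if m and last is not None:
            last["next_hops"].append(m.group(1))
    return routes


def filter_violations(routes, deny_types=(), deny_prefixes=()):
    """Prefixes still installed although the filter policy says they must not be."""
    return sorted(p for p, r in routes.items()
                  if r["type"] in deny_types or p in deny_prefixes)


def audit():
    """Task 8 policy (no E2 routes) checked on the filtering router and its neighbor."""
    r1 = parse_ospf_routes(R1_AFTER_TASK8)
    bb1 = parse_ospf_routes(BB1_AFTER_TASK8)
    return {"R1": filter_violations(r1, deny_types={"E2"}),
            "BB1": filter_violations(bb1, deny_types={"E2"})}


if __name__ == "__main__":
    for router, leftovers in audit().items():
        print(router, "E2 routes still installed:", leftovers or "none")
```

R1 comes back clean while BB1 still lists both E2 prefixes, which is the behaviour the notes above describe: the distribute-list filters R1's routing table only. Routes do not show their tag in this output, so a Task 7 check passes deny_prefixes={"44.4.4.0/24"} instead.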



Task 9

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 10 
Redirecting traffic in OSPF 






Lab Setup:

> R1 should be configured with two point-to-point links, one connecting R1 to R2
and the other connecting R1 to R3. R2 and R3 should also be configured in a
point-to-point manner.

> R2, R3 and R4's F0/0 interfaces should be configured to be in VLAN 234.

> Use the IP address chart below to assign IP addresses to the routers.






IP Addressing:

Router   Interface             IP address        Area
R1       Lo0                   1.1.1.1 /8        Area 0
         F/R interface to R2   10.1.12.1 /24     Area 0
         F/R interface to R3   10.1.13.1 /24     Area 0
R2       Lo0                   2.2.2.2 /8        Area 0
         F/R interface to R1   10.1.12.2 /24     Area 0
         F0/0 interface        10.1.234.2 /24    Area 0
R3       Lo0                   3.3.3.3 /8        Area 0
         F/R interface to R1   10.1.13.3 /24     Area 0
         F0/0 interface        10.1.234.3 /24    Area 0
R4       Lo0                   4.4.4.4 /8        Area 0
         F0/0 interface        10.1.234.4 /24    Area 0



Task 1

Configure OSPF on all routers and advertise their directly connected network in area 0
and ensure that these routers can reach all the advertised networks. Ensure that the
loopback interfaces are advertised with their correct mask.

On All Routers

(config-if)#router ospf 1
(config-router)#netw 0.0.0.0 0.0.0.0 area 0

(config-router)#interface Lo0
(config-if)#ip ospf network point-to-point



Task 2

R1 has two ways to reach network 4.0.0.0 /8; ensure that R1 uses R2 to reach this
network. R1 should go directly to R3 to reach network 3.0.0.0.

However, if R2 goes down, R3 should be used as a transit router to reach network 4.0.0.0 /8.

DO NOT USE THE FOLLOWING COMMANDS:

Bandwidth, any global config command, OSPF cost command or the distance command.






Note the routing table of R1 reveals that R1 can reach network 4.0.0.0 via R2 and
R3.

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
O    2.0.0.0/8 [110/65] via 10.1.12.2, 00:00:21, Serial0/0.12
O    3.0.0.0/8 [110/65] via 10.1.13.3, 00:00:21, Serial0/0.13
O    4.0.0.0/8 [110/66] via 10.1.13.3, 00:00:21, Serial0/0.13
               [110/66] via 10.1.12.2, 00:00:21, Serial0/0.12
     10.1.0.0/24 is subnetted, 3 subnets
O       10.1.234.0 [110/65] via 10.1.13.3, 00:00:21, Serial0/0.13
                   [110/65] via 10.1.12.2, 00:00:21, Serial0/0.12
C       10.1.12.0 is directly connected, Serial0/0.12
C       10.1.13.0 is directly connected, Serial0/0.13

On R3

R3(config)#router ospf 1
R3(config-router)#max-metric router-lsa

The above command will cause a router to originate LSAs with a maximum metric
of 0xffff (LS Infinity). This is done so that other routers do not prefer the router as a
transit hop in their path to a given network.

To verify the configuration:

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
O    2.0.0.0/8 [110/65] via 10.1.12.2, 00:04:12, Serial0/0.12
O    3.0.0.0/8 [110/65] via 10.1.13.3, 00:04:12, Serial0/0.13
O    4.0.0.0/8 [110/66] via 10.1.12.2, 00:04:12, Serial0/0.12
     10.1.0.0/24 is subnetted, 3 subnets
O       10.1.234.0 [110/65] via 10.1.12.2, 00:04:12, Serial0/0.12
C       10.1.12.0 is directly connected, Serial0/0.12
C       10.1.13.0 is directly connected, Serial0/0.13
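Why the two routing tables above differ, as an added example that is not part of the workbook: a small shortest-path model of this lab's topology, run from R1 with and without max-metric on R3, and with R2 removed. The link costs (serial 64, FastEthernet 1, loopback 1) are assumptions chosen because they reproduce the metrics shown; the function names are hypothetical.

```python
import heapq

MAX_LINK_METRIC = 0xFFFF          # metric the page says "max-metric router-lsa" advertises
LAN = "10.1.234.0/24"             # the VLAN 234 segment, modelled as one transit network
ATTACHED = {LAN: ["R2", "R3", "R4"]}


def build_lsdb(max_metric=(), down=()):
    """Router LSAs for the Lab 10 topology (assumed costs, see lead-in)."""
    lsdb = {
        "R1": {"p2p": {"R2": 64, "R3": 64}, "transit": {}, "stub": {"1.0.0.0/8": 1}},
        "R2": {"p2p": {"R1": 64}, "transit": {LAN: 1}, "stub": {"2.0.0.0/8": 1}},
        "R3": {"p2p": {"R1": 64}, "transit": {LAN: 1}, "stub": {"3.0.0.0/8": 1}},
        "R4": {"p2p": {}, "transit": {LAN: 1}, "stub": {"4.0.0.0/8": 1}},
    }
    for r in down:
        del lsdb[r]
    for r in max_metric:
        # Only transit-capable links are raised; stub links keep their cost,
        # which is why 3.0.0.0/8 stays at metric 65 in the output above.
        for kind in ("p2p", "transit"):
            lsdb[r][kind] = dict.fromkeys(lsdb[r][kind], MAX_LINK_METRIC)
    return lsdb


def edges(lsdb, node):
    """Outgoing links of a router, or of the LAN pseudonode (cost 0 to each router)."""
    if node in ATTACHED:
        out = dict.fromkeys(ATTACHED[node], 0)
    else:
        out = {**lsdb[node]["p2p"], **lsdb[node]["transit"]}
    return {n: c for n, c in out.items() if n in lsdb or n in ATTACHED}


def spf(lsdb, root):
    """Dijkstra over the LSDB; returns the cost from root to every reachable node."""
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in edges(lsdb, node).items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist


def first_hops(lsdb, dist, root, node):
    """Root's neighbors that lie on some shortest path to node (equal-cost aware)."""
    hops = set()
    for prev in dist:
        cost = edges(lsdb, prev).get(node)
        if cost is not None and dist[prev] + cost == dist[node]:
            hops |= {node} if prev == root else first_hops(lsdb, dist, root, prev)
    return hops


def ospf_routes(root="R1", max_metric=(), down=()):
    """Return {prefix: (metric, [first-hop routers])} as seen from root."""
    lsdb = build_lsdb(max_metric, down)
    dist = spf(lsdb, root)
    table = {}
    for node in dist:
        if node == root:
            continue
        via = sorted(first_hops(lsdb, dist, root, node))
        if node in ATTACHED:
            table[node] = (dist[node], via)
        else:
            for prefix, cost in lsdb[node]["stub"].items():
                table[prefix] = (dist[node] + cost, via)
    return table


if __name__ == "__main__":
    for label, kw in (("default", {}), ("max-metric on R3", {"max_metric": ["R3"]}),
                      ("max-metric on R3, R2 down", {"max_metric": ["R3"], "down": ["R2"]})):
        print(label, ospf_routes(**kw)["4.0.0.0/8"])
```

With R2 removed the model still reaches 4.0.0.0/8 through R3, at a metric of 65600, which is the fallback Task 2 asks for.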



Task 3 

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 11
Database Overload Protection

[Figure: lab topology diagram. Legible labels: EIGRP 100, F0/0, Area 0.]



Lab Setup:

> The frame-relay connection between R1 and R2 must be configured in a point-to-
point manner.

> R2 and R3's F0/0 interface should be configured in VLAN 23.






IP Addressing:

Router   Interface   IP address               Area
R1       Lo1         1.0.0.1 /8               Eigrp 100
         Lo2         2.0.0.1 /8               Eigrp 100
         Lo3         3.0.0.1 /8               Eigrp 100
         Lo4         4.0.0.1 /8               Eigrp 100
         Lo5         5.0.0.1 /8               Eigrp 100
         Lo6         6.0.0.1 /8               Eigrp 100
         Lo7         7.0.0.1 /8               Eigrp 100
         Lo8         8.0.0.1 /8               Eigrp 100
         Lo9         9.0.0.1 /8               Eigrp 100
         Lo10        10.0.0.1 /24             Eigrp 100
         Lo11        11.0.0.1 /[illegible]    Eigrp 100
         S0/0.12     10.1.12.1 /24            Eigrp 100
R2       Lo0         2.2.2.2 /8               Eigrp 100
         Lo1         22.2.2.2 /8              OSPF area 0
         S0/0.21     10.1.12.2 /24            Eigrp 100
         F0/0        10.1.23.2 /24            OSPF area 0
R3       Lo0         3.3.3.3 /8               OSPF area 0
         F0/0        10.1.23.3 /24            OSPF area 0



Task 1

Configure the routers as follows:

> On R1, configure Eigrp 100 and advertise networks 1.0.0.0 /8 - 5.0.0.0 /8 and the
frame-relay interface to R2.

> On R2, configure Eigrp 100 and advertise networks 2.0.0.0 /8 and the frame-relay
interface link to R1.

> On R2, configure OSPF and advertise network 22.0.0.0 /8 and the F0/0 interface
to R3 in area 0.

> On R3, configure OSPF and advertise all of its interfaces in area 0.

On R1

R1(config)#router eigrp 100
R1(config-router)#no au
R1(config-router)#netw 1.0.0.0
R1(config-router)#netw 2.0.0.0
R1(config-router)#netw 3.0.0.0
R1(config-router)#netw 4.0.0.0
R1(config-router)#netw 5.0.0.0
R1(config-router)#netw 10.1.12.0 0.0.0.255

On R2

R2(config-if)#router ospf 1
R2(config-router)#netw 22.2.2.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.23.2 0.0.0.0 area 0

R2(config-router)#router eigrp 100
R2(config-router)#netw 10.1.12.0 0.0.0.255
R2(config-router)#netw 2.0.0.0
R2(config-router)#no auto

On R3

R3(config-if)#router ospf 1
R3(config-router)#netw 0.0.0.0 0.0.0.0 area 0






Task 2

On R2, perform a mutual redistribution between OSPF and Eigrp 100.

On R2

R2(config)#router eigrp 100
R2(config-router)#redistribute ospf 1 metric 1500 20000 255 1 1500

R2(config-router)#router ospf 1
R2(config-router)#redistribute eigrp 100 subnets

Note when redistributing routes into OSPF, they will be redistributed with a metric
of 20.

To verify the configuration:

On R3

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O E2 1.0.0.0/8 [110/20] via 10.1.23.2, 00:01:18, FastEthernet0/0
O E2 2.0.0.0/8 [110/20] via 10.1.23.2, 00:01:18, FastEthernet0/0
C    3.0.0.0/8 is directly connected, Loopback0
O E2 4.0.0.0/8 [110/20] via 10.1.23.2, 00:01:18, FastEthernet0/0
O E2 5.0.0.0/8 [110/20] via 10.1.23.2, 00:01:18, FastEthernet0/0
     22.0.0.0/32 is subnetted, 1 subnets
O       22.2.2.2 [110/2] via 10.1.23.2, 00:01:18, FastEthernet0/0
     10.1.0.0/24 is subnetted, 2 subnets
O E2    10.1.12.0 [110/20] via 10.1.23.2, 00:01:20, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/0






Task 3

R2 should be configured such that the maximum number of prefixes that can be
redistributed into OSPF routing protocol is 10.

R2 should generate two warning messages. The first message should occur when the
number of redistributed prefixes reaches 70% of the configured threshold (10). The
second message should occur when the 10th prefix is redistributed.

On R2

R2(config-router)#router ospf 1
R2(config-router)#redistribute maximum-prefix 10 70 warning-only

The above command limits the number of prefixes that can be redistributed into
OSPF routing domain. In this case, the router will generate two warning messages,
the first one will be generated when 70% of the configured threshold (10) is reached
and the second message will be generated when the configured threshold (10) is
exceeded.

The initial config file has created 11 Loopback interfaces for testing purpose. Test
this policy by advertising these loopback interfaces one at a time and observe the
warning messages.



Task 4

The administrator of R1 is constantly violating the maximum routes policy, in order to
safeguard against this, you should configure R2 such that only 10 prefixes are allowed to
be redistributed into OSPF, if R1 advertises more than 10 prefixes in Eigrp 100, R2
should ignore the extra prefixes.

On R2

R2(config)#router ospf 1
R2(config-router)#no redistribute maximum-prefix 10 70 warning-only
R2(config-router)#redistribute maximum-prefix 10 70

Since the "warning-only" keyword is not used, R2 will ignore any advertisement
above the set threshold.
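The difference between Task 3 and Task 4, as an added example that is not part of the workbook: a simplified model of the limit that feeds prefixes in one at a time, the way the lab suggests testing it. The prefix list is a constructed stand-in for what R1 advertises, the event names are illustrative rather than IOS log text, and the limit message is placed at the 10th prefix as the Task 3 statement has it.

```python
def redistribute_with_limit(prefixes, maximum=10, threshold_pct=70, warning_only=False):
    """Model of 'redistribute maximum-prefix <maximum> <threshold_pct> [warning-only]'.

    Returns (accepted, ignored, events), where events is a list of
    (prefix_count, event_name) in the order they would be raised.
    """
    warn_at = maximum * threshold_pct / 100      # 10 * 70% -> warn at the 7th prefix
    accepted, ignored, events = [], [], []
    warned = False
    for prefix in prefixes:
        if not warning_only and len(accepted) >= maximum:
            ignored.append(prefix)               # Task 4: extra prefixes are ignored
            continue
        accepted.append(prefix)                  # Task 3: warning-only never drops
        count = len(accepted)
        if not warned and count >= warn_at:
            warned = True
            events.append((count, "threshold-warning"))
        if count == maximum:
            events.append((count, "limit-reached"))
    return accepted, ignored, events


# Constructed input: twelve prefixes offered to R2 one at a time.
SAMPLE_PREFIXES = [f"{n}.0.0.0/8" for n in range(1, 13)]


def compare_modes(prefixes=SAMPLE_PREFIXES):
    """Run the same input through both configurations from Tasks 3 and 4."""
    return {
        "warning-only": redistribute_with_limit(prefixes, warning_only=True),
        "enforced": redistribute_with_limit(prefixes, warning_only=False),
    }


if __name__ == "__main__":
    for mode, (accepted, ignored, events) in compare_modes().items():
        print(f"{mode}: accepted={len(accepted)} ignored={ignored} events={events}")
```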



Task 5

Erase the startup config and reload the routers before proceeding to the next lab. 






Lab 12 - OSPF Non-Broadcast Networks 



[Figure: lab topology diagram. Legible labels: 1.1.1.1 /8, 3.3.3.3 /8 Lo0, 10.1.1.2 /24, Area 0.]



Lab Setup:

> Configure R1 as the hub and R2, R3 and R4 as spokes.

> Configure all routers in a Frame-relay Multipoint manner. DO NOT configure
sub-interfaces on any of the routers. Use the broadcast keyword when configuring
the "Frame-relay map" statements.

> Use the IP addressing chart below for IP assignment.






IP addressing:

Router   Interface / IP address
R1       S0/0 = 10.1.1.1 /24
         Loopback0 = 1.1.1.1 /8
R2       S0/0 = 10.1.1.2 /24
         Loopback0 = 2.2.2.2 /8
R3       S0/0 = 10.1.1.3 /24
         Loopback0 = 3.3.3.3 /8
R4       S0/0 = 10.1.1.4 /24
         Loopback0 = 4.4.4.4 /8



Task 1 

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0.
Ensure that the loopback interfaces of these routers are advertised with their correct mask.
DO NOT change the network type to accomplish this task.



On R1

R1(config)#router ospf 1
R1(config-router)#netw 10.1.1.1 0.0.0.0 area 0
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0

R1(config-router)#int lo0
R1(config-if)#ip ospf network point-to-point

Note the following command is required since R1 is the hub.

R1(config)#interface Serial0/0
R1(config-if)#ip ospf priority 255

On R2

R2(config)#router ospf 1
R2(config-router)#netw 10.1.1.2 0.0.0.0 area 0
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0

R2(config-router)#int lo0






R2(config-if)#ip ospf network point-to-point

On R3

R3(config)#router ospf 1
R3(config-router)#netw 10.1.1.3 0.0.0.0 area 0
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0

R3(config-router)#int lo0
R3(config-if)#ip ospf network point-to-point

On R4

R4(config)#router ospf 1
R4(config-router)#netw 10.1.1.4 0.0.0.0 area 0
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0

R4(config-router)#int lo0
R4(config-if)#ip ospf network point-to-point

Note the following command is required so the spokes will NOT participate in
DR/BDR election.

On R2, R3 and R4

(config)#interface Serial0/0
(config-if)#ip ospf priority 0

To verify the configuration: 



On R1

R1#Sh ip ospf neighbor
R1#Show ip route ospf

Note that NO neighbor adjacencies are established; as a result, there won't be
any routes in the OSPF routing table.

The reason is the OSPF network type: the default OSPF network type on a Multipoint
Frame-relay interface is NON_BROADCAST. The following show command reveals
the OSPF network type.

On R1

R1#Show ip ospf interface S0/0

Serial0/0 is up, line protocol is up
  Internet Address 10.1.1.1/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type NON_BROADCAST, Cost: 64
  Transmit Delay is 1 sec, State DR, Priority 255
  Designated Router (ID) 1.1.1.1, Interface address 10.1.1.1
  No backup designated router on this network
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:22
  Supports Link-local Signaling (LLS)
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

Since the task states that the network type cannot be changed, the "priority"
sub-router configuration command can be used to accomplish this task; in this case
the priority command needs to be configured on the hub router ONLY.

On R1

R1(config)#router ospf 1
R1(config-router)#neighbor 10.1.1.2
R1(config-router)#neighbor 10.1.1.3
R1(config-router)#neighbor 10.1.1.4

To verify the configuration:

On R1

R1#Show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address      Interface
2.2.2.2           0   FULL/DROTHER    00:01:42    10.1.1.2     Serial0/0
3.3.3.3           0   FULL/DROTHER    00:01:48    10.1.1.3     Serial0/0
4.4.4.4           0   FULL/DROTHER    00:01:50    10.1.1.4     Serial0/0

R1#Show ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:00:52, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:00:52, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:00:52, Serial0/0

Note that once the "Neighbor" command is configured on the hub router, the routers
will transition into FULL state and exchange routes.

Remember, when the "Neighbor" command is configured, all OSPF packets will use
UNICAST instead of MULTICAST; therefore, the "frame-relay map"
commands DO NOT need to be configured with the "Broadcast" keyword.

On R1

R1(config)#int s0/0

R1(config-if)#NO frame-relay map ip 10.1.1.2 102 broadcast
R1(config-if)#NO frame-relay map ip 10.1.1.3 103 broadcast
R1(config-if)#NO frame-relay map ip 10.1.1.4 104 broadcast

R1(config-if)#frame-relay map ip 10.1.1.2 102
R1(config-if)#frame-relay map ip 10.1.1.3 103
R1(config-if)#frame-relay map ip 10.1.1.4 104

On R2

R2(config)#int S0/0
R2(config-if)#NO frame-relay map ip 10.1.1.1 201 broadcast
R2(config-if)#frame-relay map ip 10.1.1.1 201

On R3

R3(config)#int S0/0
R3(config-if)#NO frame-relay map ip 10.1.1.1 301 broadcast
R3(config-if)#frame-relay map ip 10.1.1.1 301

On R4

R4(config)#int S0/0
R4(config-if)#NO frame-relay map ip 10.1.1.1 401 broadcast
R4(config-if)#frame-relay map ip 10.1.1.1 401

To test the configuration:
















On R1

R1#Show ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:00:10, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:00:10, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:00:10, Serial0/0

On R2

R2#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:07:21, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:07:21, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:07:21, Serial0/0

On R3

R3#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:07:57, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:07:57, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:07:57, Serial0/0

On R4

R4#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:08:30, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:08:30, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:08:30, Serial0/0






Task 2

Ensure that every router has NLRI to the loopback interfaces advertised in OSPF; you
should use ping to test and verify reachability.

To test the reachability:








On R2

R2#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 08:27:26, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 08:27:26, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 08:27:26, Serial0/0

Note that R2 will not have reachability to networks 3.0.0.0/8 or 4.0.0.0/8, because it
does not have a layer 2 mapping for the next hop IP address.

In the OSPF NON_BROADCAST network type the next hop IP address is the IP
address of the router that originated the route and NOT the router that advertised
it; therefore, the spokes will not have NLRI to networks advertised by other spokes.
This problem can be resolved by configuring the following Frame-relay map
commands:

On each spoke a "Frame-relay map" command is configured for the frame-relay
interface IP address of the other spokes using their only DLCI pointing to the hub,
as follows:

On R2

R2(config)#interface S0/0
R2(config-if)#Frame-relay map ip 10.1.1.3 201
R2(config-if)#Frame-relay map ip 10.1.1.4 201

On R3

R3(config)#interface S0/0
R3(config-if)#Frame-relay map ip 10.1.1.2 301
R3(config-if)#Frame-relay map ip 10.1.1.4 301

On R4

R4(config)#interface S0/0
R4(config-if)#Frame-relay map ip 10.1.1.2 401
R4(config-if)#Frame-relay map ip 10.1.1.3 401
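The check described above, as an added Python example that is not part of the workbook: it parses "show ip route ospf" lines and "frame-relay map" statements and reports which OSPF prefixes have a next hop with no layer 2 mapping. The function names are hypothetical, the sample input is constructed from R2's output and maps in this lab, and it assumes that static map statements are the only source of layer 2 resolution on the interface.

```python
import re

# Constructed sample input, modelled on R2's routing table in this lab.
R2_ROUTES = """\
O    1.0.0.0/8 [110/65] via 10.1.1.1, 08:27:26, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 08:27:26, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 08:27:26, Serial0/0
"""

# Constructed sample input: R2's static maps before and after the fix.
R2_MAPS_BEFORE = """\
frame-relay map ip 10.1.1.1 201
"""
R2_MAPS_AFTER = R2_MAPS_BEFORE + """\
frame-relay map ip 10.1.1.3 201
frame-relay map ip 10.1.1.4 201
"""

ROUTE_RE = re.compile(
    r"^O\s+(?P<prefix>\S+)\s+\[\d+/\d+\]\s+via\s+(?P<nh>[\d.]+),")
MAP_RE = re.compile(
    r"^\s*frame-relay map ip (?P<ip>[\d.]+) (?P<dlci>\d+)( broadcast)?\s*$",
    re.IGNORECASE)


def parse_routes(text):
    """Return {prefix: next_hop} from 'show ip route ospf' style lines."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes[m.group("prefix")] = m.group("nh")
    return routes


def parse_maps(text):
    """Return {next_hop_ip: dlci} from 'frame-relay map ip' statements."""
    maps = {}
    for line in text.splitlines():
        m = MAP_RE.match(line)
        if m:
            maps[m.group("ip")] = int(m.group("dlci"))
    return maps


def unresolved(routes, maps):
    """Prefixes that are in the routing table but cannot be forwarded,
    because the next hop IP has no layer 2 (DLCI) mapping."""
    return sorted(p for p, nh in routes.items() if nh not in maps)


def forwarding_plan(routes, maps):
    """For each forwardable prefix, the DLCI the traffic leaves on."""
    return {p: maps[nh] for p, nh in routes.items() if nh in maps}


if __name__ == "__main__":
    routes = parse_routes(R2_ROUTES)
    for label, cfg in (("before", R2_MAPS_BEFORE), ("after", R2_MAPS_AFTER)):
        maps = parse_maps(cfg)
        print(label, "unresolved:", unresolved(routes, maps))
        print(label, "plan:", forwarding_plan(routes, maps))
```

After the fix every prefix on R2 leaves on DLCI 201, which shows that spoke-to-spoke traffic still transits the hub even though the OSPF next hop is the other spoke's address.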

To test the configuration: 



On R2

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/117 ms

R2#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/115/120 ms

On R3

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/125/168 ms

R3#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

On R4

R4#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/121/148 ms

R4#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms






Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 13 - OSPF Broadcast Networks 



[Figure: Lab 13 topology, Area 0. R1: Lo0 1.1.1.1/8, S0/0 10.1.1.1/24. R2: Lo0 2.2.2.2/8, S0/0 10.1.1.2/24. R3: Lo0 3.3.3.3/8, S0/0 10.1.1.3/24.]



Lab Setup:

> Configure R1 as the hub and R2, R3 and R4 as spokes.

> Configure all routers in a Frame-relay Multipoint manner. DO NOT configure
sub-interfaces on any of the routers. Use the "broadcast" keyword when
configuring the "Frame-relay map" statements.

> Use the IP addressing chart below for IP assignment.






IP addressing:

Router    Interface / IP address

R1        S0/0 = 10.1.1.1/24
          Loopback0 = 1.1.1.1/8

R2        S0/0 = 10.1.1.2/24
          Loopback0 = 2.2.2.2/8

R3        S0/0 = 10.1.1.3/24
          Loopback0 = 3.3.3.3/8

R4        S0/0 = 10.1.1.4/24
          Loopback0 = 4.4.4.4/8



Task 1

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0.
Ensure that the loopback interfaces of these routers are advertised with their correct mask.
You should use OSPF BROADCAST network type to accomplish this task.



On R1

R1(config)#router ospf 1
R1(config-router)#netw 10.1.1.1 0.0.0.0 area 0
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0

R1(config-router)#int lo0
R1(config-if)#ip ospf network point-to-point

Note the following command is required since R1 is the hub.

R1(config)#interface Serial0/0
R1(config-if)#ip ospf network broadcast
R1(config-if)#ip ospf priority 255

On R2

R2(config)#router ospf 1
R2(config-router)#netw 10.1.1.2 0.0.0.0 area 0
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0






R2(config-router)#int lo0
R2(config-if)#ip ospf network point-to-point

On R3

R3(config)#router ospf 1
R3(config-router)#netw 10.1.1.3 0.0.0.0 area 0
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0

R3(config-router)#int lo0
R3(config-if)#ip ospf network point-to-point

On R4

R4(config)#router ospf 1
R4(config-router)#netw 10.1.1.4 0.0.0.0 area 0
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0

R4(config-router)#int lo0
R4(config-if)#ip ospf network point-to-point

Note the following command is required so the spokes will NOT participate in DR/BDR
election; it also changes the network type to BROADCAST.

On R2, R3 and R4

(config)#interface Serial0/0
(config-if)#ip ospf network broadcast
(config-if)#ip ospf priority 0

To verify the configuration:

On R1

R1#Sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address      Interface
2.2.2.2           0   FULL/DROTHER    00:00:32    10.1.1.2     Serial0/0
3.3.3.3           0   FULL/DROTHER    00:00:33    10.1.1.3     Serial0/0
4.4.4.4           0   FULL/DROTHER    00:00:31    10.1.1.4     Serial0/0

R1#Sh ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:01:51, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:01:51, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:01:51, Serial0/0

On R2

R2#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:02:29, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:02:29, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:02:29, Serial0/0

On R3 (Note the next hop was NOT changed, just like the previous lab)

R3#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:03:09, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:03:09, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:03:09, Serial0/0

On R4

R4#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:03:46, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:03:46, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:03:46, Serial0/0






Note: Once again the next hop IP address is pointing to the router that advertised the
route. In this case the frame-relay solution from the previous lab can also be used as the
solution to this problem, but remember that the "broadcast" keyword should NOT be
used when configuring the "Frame-relay map" statements on the spokes pointing to the
frame-relay interface IP address of the other spokes.




Task 2 


Erase the startup configuration and reload the routers before proceeding to the next lab. 





Lab 14 - OSPF Point-to-Point Networks 



[Figure: Lab 14 topology, Area 0. R1: S0/0.12 10.1.12.1/24, S0/0.13 10.1.13.1/24, S0/0.14 10.1.14.1/24. R3: S0/0.31 10.1.13.3/24. R4: S0/0.41 10.1.14.4/24.]





Lab Setup:

> Configure R1 as the hub and R2, R3 and R4 as spokes.

> Configure all routers in a Frame-relay Point-to-Point manner.

> Use the IP addressing chart below for IP assignment.

IP addressing:






Router    Interface / IP address        DLCI / Router

R1        S0/0.12 = 10.1.12.1/24        102 / R2
          S0/0.13 = 10.1.13.1/24        103 / R3
          S0/0.14 = 10.1.14.1/24        104 / R4
          Loopback0 = 1.1.1.1/8

R2        S0/0.21 = 10.1.12.2/24        201 / R1
          Loopback0 = 2.2.2.2/8

R3        S0/0.31 = 10.1.13.3/24        301 / R1
          Loopback0 = 3.3.3.3/8

R4        S0/0.41 = 10.1.14.4/24        401 / R1
          Loopback0 = 4.4.4.4/8



Task 1 

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0.
Ensure that the loopback interfaces of these routers are advertised with their correct mask.
You should use the OSPF "Point-to-Point" network type to accomplish this task.



On R1

R1(config-if)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0
R1(config-router)#netw 10.1.12.1 0.0.0.0 area 0
R1(config-router)#netw 10.1.13.1 0.0.0.0 area 0
R1(config-router)#netw 10.1.14.1 0.0.0.0 area 0

R1(config-router)#int lo0
R1(config-if)#ip ospf network point-to-point

On R2

R2(config)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.12.2 0.0.0.0 area 0

R2(config-router)#int lo0
R2(config-if)#ip ospf network point-to-point






On R3

R3(config)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.13.3 0.0.0.0 area 0

R3(config-router)#int lo0
R3(config-if)#ip ospf network point-to-point

On R4

R4(config)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0
R4(config-router)#netw 10.1.14.4 0.0.0.0 area 0

R4(config-router)#int lo0
R4(config-if)#ip ospf network point-to-point

To verify the configuration:

On R1

R1#Show ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.12.2, 00:02:33, Serial0/0.12
O    3.0.0.0/8 [110/65] via 10.1.13.3, 00:02:33, Serial0/0.13
O    4.0.0.0/8 [110/65] via 10.1.14.4, 00:02:33, Serial0/0.14

On R2

R2#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.12.1, 00:03:07, Serial0/0.21
O    3.0.0.0/8 [110/129] via 10.1.12.1, 00:03:07, Serial0/0.21
O    4.0.0.0/8 [110/129] via 10.1.12.1, 00:03:07, Serial0/0.21
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.14.0 [110/128] via 10.1.12.1, 00:03:07, Serial0/0.21
O       10.1.13.0 [110/128] via 10.1.12.1, 00:03:07, Serial0/0.21

On R3

R3#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.13.1, 00:04:15, Serial0/0.31
O    2.0.0.0/8 [110/129] via 10.1.13.1, 00:04:15, Serial0/0.31
O    4.0.0.0/8 [110/129] via 10.1.13.1, 00:04:15, Serial0/0.31
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.14.0 [110/128] via 10.1.13.1, 00:04:15, Serial0/0.31
O       10.1.12.0 [110/128] via 10.1.13.1, 00:04:15, Serial0/0.31

On R4

R4#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.14.1, 00:05:04, Serial0/0.41
O    2.0.0.0/8 [110/129] via 10.1.14.1, 00:05:04, Serial0/0.41
O    3.0.0.0/8 [110/129] via 10.1.14.1, 00:05:04, Serial0/0.41
     10.0.0.0/24 is subnetted, 3 subnets
O       10.1.13.0 [110/128] via 10.1.14.1, 00:05:04, Serial0/0.41
O       10.1.12.0 [110/128] via 10.1.14.1, 00:05:04, Serial0/0.41

Note that the next hop is changed. This is because of the OSPF network type: in the OSPF
Point-to-Point network type, the next hop IP address is no longer the router that
originated the route, it's the router that advertised the route.



Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 15 - OSPF Point-to-Multipoint Networks-I



[Figure: Lab 15 topology, Area 0. R1: Lo0 1.1.1.1/8, S0/0 10.1.1.1/24. R2: Lo0 2.2.2.2/8, S0/0 10.1.1.2/24. R3: S0/0 10.1.1.3/24. R4: S0/0 10.1.1.4/24.]



Lab Setup:

> Configure R1 as the hub and R2, R3 and R4 as spokes.

> Configure all routers in a Frame-relay Multipoint manner. DO NOT configure
sub-interfaces on any of the routers. Use the "broadcast" keyword when
configuring the "Frame-relay map" statements.

> Use the IP addressing chart below for IP assignment.






IP addressing:

Router    Interface / IP address

R1        S0/0 = 10.1.1.1/24
          Loopback0 = 1.1.1.1/8

R2        S0/0 = 10.1.1.2/24
          Loopback0 = 2.2.2.2/8

R3        S0/0 = 10.1.1.3/24
          Loopback0 = 3.3.3.3/8

R4        S0/0 = 10.1.1.4/24
          Loopback0 = 4.4.4.4/8



Task 1

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0.
Ensure that the loopback interfaces of these routers are advertised with their correct mask.
You should use OSPF BROADCAST network type to accomplish this task.



On R1

R1(config-if)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0
R1(config-router)#netw 10.1.1.1 0.0.0.0 area 0

R1(config-router)#int lo0
R1(config-if)#ip ospf network point-to-point

R1(config-router)#int S0/0
R1(config-if)#ip ospf network Broadcast

On R2

R2(config)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.1.2 0.0.0.0 area 0

R2(config-router)#int lo0
R2(config-if)#ip ospf network point-to-point






R2(config-router)#int S0/0
R2(config-if)#ip ospf network Broadcast

On R3

R3(config)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.1.3 0.0.0.0 area 0

R3(config-router)#int lo0
R3(config-if)#ip ospf network point-to-point

R3(config-router)#int S0/0
R3(config-if)#ip ospf network Broadcast

On R4

R4(config)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0
R4(config-router)#netw 10.1.1.4 0.0.0.0 area 0

R4(config-router)#int lo0
R4(config-if)#ip ospf network point-to-point

R4(config-router)#int S0/0
R4(config-if)#ip ospf network Broadcast

To verify the configuration:

On R1

R1#Sh ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:00:46, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:00:46, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:00:46, Serial0/0

On R2

R2#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:07, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:01:07, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:01:07, Serial0/0






On R3

R3#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:15, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:01:15, Serial0/0
O    4.0.0.0/8 [110/65] via 10.1.1.4, 00:01:15, Serial0/0

On R4

R4#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:22, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:01:22, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:01:22, Serial0/0



Task 2 

Ensure that the routers have reachability to every Loopback interface advertised in the OSPF
routing protocol. DO NOT use the "Frame-relay map" command or any global
configuration command as part of the solution to accomplish this task.



On All Routers:

(config)#int s0/0
(config-if)#ip ospf net point-to-multipoint

To verify the configuration:

On R2

R2#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:00:51, Serial0/0
O    3.0.0.0/8 [110/129] via 10.1.1.1, 00:00:51, Serial0/0
O    4.0.0.0/8 [110/129] via 10.1.1.1, 00:00:51, Serial0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.1.1.3/32 [110/128] via 10.1.1.1, 00:00:51, Serial0/0
O       10.1.1.1/32 [110/64] via 10.1.1.1, 00:00:51, Serial0/0
O       10.1.1.4/32 [110/128] via 10.1.1.1, 00:00:51, Serial0/0






On R3

R3#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:00:57, Serial0/0
O    2.0.0.0/8 [110/129] via 10.1.1.1, 00:00:57, Serial0/0
O    4.0.0.0/8 [110/129] via 10.1.1.1, 00:00:57, Serial0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.1.1.2/32 [110/128] via 10.1.1.1, 00:00:57, Serial0/0
O       10.1.1.1/32 [110/64] via 10.1.1.1, 00:00:57, Serial0/0
O       10.1.1.4/32 [110/128] via 10.1.1.1, 00:00:57, Serial0/0

On R4

R4#Show ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:06, Serial0/0
O    2.0.0.0/8 [110/129] via 10.1.1.1, 00:01:06, Serial0/0
O    3.0.0.0/8 [110/129] via 10.1.1.1, 00:01:06, Serial0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O       10.1.1.2/32 [110/128] via 10.1.1.1, 00:01:06, Serial0/0
O       10.1.1.3/32 [110/128] via 10.1.1.1, 00:01:06, Serial0/0
O       10.1.1.1/32 [110/64] via 10.1.1.1, 00:01:06, Serial0/0

Note that the OSPF Point-to-Multipoint network type creates a host route for the IP address
of all the interfaces connected to the frame-relay cloud, and because of this
behavior, the spoke routers can now have NLRI to all the other spoke routers, and
the next hop IP address of the advertised prefixes is set based on the advertising
router and NOT the router that originated the route, unless the advertising router and the
originator of the route happen to be the same router.

To test the configuration:

On R2

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/117 ms

R2#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/124 ms

On R3

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/120 ms

R3#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/117 ms

On R4

R4#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/117 ms

R4#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms






Task 3 




Erase the startup configuration and reload the routers before proceeding to the next lab. 







Lab 16 - OSPF Point-to-Multipoint Networks-II



[Figure: Lab 16 topology, Area 0. Routers with Lo0 interfaces; an F0/0 segment on 10.2.2.0/24.]







Lab Setup:

> Configure R1 as the hub and R2, R3 as spokes.

> Configure all routers in a Frame-relay Multipoint manner. DO NOT configure
sub-interfaces.

> F0/0 interface of R3 and R4 should be configured in VLAN 34.

> These routers should use the "broadcast" keyword when configuring the
"Frame-relay map" statements.

> Use the IP addressing chart below for IP assignment.



IP addressing:

Router    Interface / IP address

R1        S0/0 = 10.1.1.1/24
          Loopback0 = 1.1.1.1/8

R2        S0/0 = 10.1.1.2/24
          Loopback0 = 2.2.2.2/8

R3        S0/0 = 10.1.1.3/24
          F0/0 = 10.2.2.3/24
          Loopback0 = 3.3.3.3/8

R4        F0/0 = 10.2.2.4/24
          Loopback0 = 4.4.4.4/8



Task 1

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0.
Ensure that the loopback interfaces of these routers are advertised with their correct mask.
Ensure that the OSPF BROADCAST network type is configured on the OSPF enabled
interfaces except the loopbacks.



On All Routers

(config-if)#int lo0
(config-if)#ip ospf net point-to-point






On R2 and R3

(config)#int s0/0
(config-if)#ip ospf priority 0
(config-if)#ip ospf net broadcast

On R1

R1(config)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0
R1(config-router)#netw 10.1.1.1 0.0.0.0 area 0

R1(config)#int s0/0
R1(config-if)#ip ospf priority 255

On R2

R2(config)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.1.2 0.0.0.0 area 0

On R3

R3(config)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0
R3(config-router)#netw 10.2.2.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.1.3 0.0.0.0 area 0

On R4

R4(config)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0
R4(config-router)#netw 10.2.2.4 0.0.0.0 area 0

To verify the configuration:

On R1

R1#Sh ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:00:05, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:00:05, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
O       10.2.2.0 [110/65] via 10.1.1.3, 00:00:05, Serial0/0

On R2

R2#Sh ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:00:34, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:00:34, Serial0/0
O    4.0.0.0/8 [110/66] via 10.1.1.3, 00:00:34, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
O       10.2.2.0 [110/65] via 10.1.1.3, 00:00:34, Serial0/0

On R3

R3#Sh ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:00:05, Serial0/0
O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:00:05, Serial0/0
O    4.0.0.0/8 [110/2] via 10.2.2.4, 00:00:05, FastEthernet0/0

On R4

R4#Sh ip route ospf

O    1.0.0.0/8 [110/66] via 10.2.2.3, 00:13:48, FastEthernet0/0
O    2.0.0.0/8 [110/66] via 10.2.2.3, 00:13:48, FastEthernet0/0
O    3.0.0.0/8 [110/2] via 10.2.2.3, 00:13:48, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
O       10.1.1.0 [110/65] via 10.2.2.3, 00:13:48, FastEthernet0/0


Task 2 

Ensure that these routers can Ping every loopback interface advertised in this routing
domain. DO NOT use Frame-relay map, static routes, run PPP on the interfaces or any
global configuration command as part of the solution to accomplish this task.



On R1, R2 and R3

(config)#int S0/0
(config-if)#ip ospf network point-to-multipoint






On R3 and R4

(config)#int F0/0
(config-if)#ip ospf network point-to-multipoint

To verify the configuration:

On R1

R1#Sh ip route ospf

O    2.0.0.0/8 [110/65] via 10.1.1.2, 00:02:07, Serial0/0
O    3.0.0.0/8 [110/65] via 10.1.1.3, 00:02:07, Serial0/0
O    4.0.0.0/8 [110/66] via 10.1.1.3, 00:02:07, Serial0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O       10.1.1.2/32 [110/64] via 10.1.1.2, 00:02:07, Serial0/0
O       10.2.2.3/32 [110/64] via 10.1.1.3, 00:02:07, Serial0/0
O       10.1.1.3/32 [110/64] via 10.1.1.3, 00:02:07, Serial0/0
O       10.2.2.4/32 [110/65] via 10.1.1.3, 00:02:07, Serial0/0

On R2

R2#Sh ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:40, Serial0/0
O    3.0.0.0/8 [110/129] via 10.1.1.1, 00:01:40, Serial0/0
O    4.0.0.0/8 [110/130] via 10.1.1.1, 00:01:40, Serial0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O       10.2.2.3/32 [110/128] via 10.1.1.1, 00:01:40, Serial0/0
O       10.1.1.3/32 [110/128] via 10.1.1.1, 00:01:40, Serial0/0
O       10.1.1.1/32 [110/64] via 10.1.1.1, 00:01:40, Serial0/0
O       10.2.2.4/32 [110/129] via 10.1.1.1, 00:01:40, Serial0/0

On R3

R3#Sh ip route ospf

O    1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:19, Serial0/0
O    2.0.0.0/8 [110/129] via 10.1.1.1, 00:01:19, Serial0/0
O    4.0.0.0/8 [110/2] via 10.2.2.4, 00:01:19, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O       10.1.1.2/32 [110/128] via 10.1.1.1, 00:01:19, Serial0/0
O       10.1.1.1/32 [110/64] via 10.1.1.1, 00:01:19, Serial0/0
O       10.2.2.4/32 [110/1] via 10.2.2.4, 00:01:19, FastEthernet0/0






On R4

R4#Sh ip route ospf

O 1.0.0.0/8 [110/66] via 10.2.2.3, 00:00:40, FastEthernet0/0
O 2.0.0.0/8 [110/130] via 10.2.2.3, 00:00:40, FastEthernet0/0
O 3.0.0.0/8 [110/2] via 10.2.2.3, 00:00:40, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O 10.1.1.2/32 [110/129] via 10.2.2.3, 00:00:40, FastEthernet0/0
O 10.2.2.3/32 [110/1] via 10.2.2.3, 00:00:40, FastEthernet0/0
O 10.1.1.3/32 [110/1] via 10.2.2.3, 00:00:40, FastEthernet0/0
O 10.1.1.1/32 [110/65] via 10.2.2.3, 00:00:40, FastEthernet0/0

To test the configuration:

On R2

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/116/124 ms

R2#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/116/124 ms

On R3

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/124 ms

On R4

R4#Ping 1.1.1.1






Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/58/61 ms

R4#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms



Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 17 - OSPF Point-to-Multipoint NON-BROADCAST Networks

[Figure: lab topology diagram (Area 0)]






Lab Setup: 

> Configure R1 as the hub and R2 and R3 as spokes.

> Configure all routers in a Frame-relay Multipoint manner. DO NOT configure
sub-interfaces on any of the routers. Use the "broadcast" keyword when
configuring the "frame-relay map" statements.

> Configure the F0/0 interface of R2, R3 and R4 in VLAN 234.

> Use the IP addressing chart below for IP assignment.

IP addressing:

Router    Interface / IP address
R1        S0/0 = 10.1.1.1/24
          Loopback0 = 1.1.1.1/8
R2        S0/0 = 10.1.1.2/24
          F0/0 = 10.1.234.2/24
R3        S0/0 = 10.1.1.3/24
          F0/0 = 10.1.234.3/24
R4        Loopback0 = 4.4.4.4/8
          F0/0 = 10.1.234.4/24



Task 1

Configure OSPF on all routers and advertise their directly connected interfaces in Area 0.
You should use OSPF BROADCAST network type on the frame-relay interfaces to
accomplish this task.
Ensure that the loopback interfaces of R1 and R4 are advertised with their correct mask.

On R1

R1(config-if)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 area 0
R1(config-router)#netw 10.1.1.1 0.0.0.0 area 0






R1(config-router)#int lo0
R1(config-if)#ip ospf network point-to-point
R1(config-router)#int S0/0
R1(config-if)#ip ospf network Broadcast
R1(config-if)#ip ospf Priority 255

On R2

R2(config)#router ospf 1
R2(config-router)#netw 10.1.1.2 0.0.0.0 area 0
R2(config-router)#netw 10.1.234.2 0.0.0.0 area 0
R2(config-router)#int S0/0
R2(config-if)#ip ospf network Broadcast
R2(config-if)#ip ospf Priority 0

On R3

R3(config)#router ospf 1
R3(config-router)#netw 10.1.1.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.234.3 0.0.0.0 area 0
R3(config-router)#int S0/0
R3(config-if)#ip ospf network Broadcast
R3(config-if)#ip ospf Priority 0

On R4

R4(config)#router ospf 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 0
R4(config-router)#netw 10.1.234.4 0.0.0.0 area 0
R4(config-router)#int lo0
R4(config-if)#ip ospf network point-to-point

To verify the configuration:

On R1

R1#sh ip route ospf

O 4.0.0.0/8 [110/66] via 10.1.1.3, 00:00:21, Serial0/0
            [110/66] via 10.1.1.2, 00:00:21, Serial0/0






10.0.0.0/24 is subnetted, 2 subnets
O 10.1.234.0 [110/65] via 10.1.1.3, 00:00:21, Serial0/0
             [110/65] via 10.1.1.2, 00:00:21, Serial0/0

On R2

R2#Show ip route ospf

O 1.0.0.0/8 [110/65] via 10.1.1.1, 00:01:52, Serial0/0
O 4.0.0.0/8 [110/2] via 10.1.234.4, 00:01:52, FastEthernet0/0

On R3

R3#Show ip route ospf

O 1.0.0.0/8 [110/65] via 10.1.1.1, 00:00:08, Serial0/0
O 4.0.0.0/8 [110/2] via 10.1.234.4, 00:00:08, FastEthernet0/0

On R4

R4#Show ip route ospf

O 1.0.0.0/8 [110/66] via 10.1.234.3, 00:00:19, FastEthernet0/0
            [110/66] via 10.1.234.2, 00:00:19, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.1.1.0 [110/65] via 10.1.234.3, 00:00:19, FastEthernet0/0
           [110/65] via 10.1.234.2, 00:00:19, FastEthernet0/0



Task 2 

R2 has a frame-relay CIR of 64 Kbps and R3 has a frame-relay CIR of 128 Kbps. Ensure that
R1 traverses through R2 to get to the networks downstream of R2 and R3; R1 should
ONLY traverse through R3 if R2 is down. DO NOT use PBR to accomplish this task.



Note: both R2 and R3 are advertising a cost of 1 (Ref = 100,000,000 bps / Bandwidth
= 100,000,000 bps) for network 4.0.0.0/8. R1 adds its own cost of 64 through the
Frame-relay interface (Ref = 100,000,000 / Bandwidth = 1,544,000 bps) to the cost that is
advertised to it by these two routers. As a result, R1 performs equal-cost load
balancing. Remember that R2's or R3's frame-relay cost is NOT calculated.

One possible method of dealing with this scenario is to configure R1's frame-relay
interface with the OSPF Point-to-Multipoint Non-Broadcast network type. This network
type allows R1 to associate a cost with each of its downstream neighbors; the neighbor
with the lower cost will be chosen as the best route.

Remember that in order for 2 OSPF routers to exchange routes the network types must
match, but there are 2 exceptions to this rule and they are as follows:

1. Point-to-Multipoint <-> Point-to-Point

2. Broadcast <-> Non-broadcast

In this case the first option is exercised as follows:
On R1

R1(config)#int S0/0
R1(config-if)#ip ospf network point-to-multipoint non-broadcast

The following command changes the OSPF hello-interval to match R2 and R3's
hello-interval.

R1(config-if)#ip ospf hello-interval 10
R1(config-if)#router ospf 1
R1(config-router)#neighbor 10.1.1.2 cost 1
R1(config-router)#neighbor 10.1.1.3 cost 2

The following command changes the network type of R2 and R3 to point-to-point.

On R2 and R3

(config)#int S0/0
(config-if)#ip ospf network point-to-point

To verify the configuration:

On R1

R1#Show ip route ospf

O 4.0.0.0/8 [110/3] via 10.1.1.2, 00:00:21, Serial0/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.1.234.0 [110/2] via 10.1.1.2, 00:00:21, Serial0/0
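
The metrics in Task 1 and Task 2 can be reproduced with a small shortest-path model. This is an added example, not part of the workbook: the graph is a constructed model of the Lab 17 topology as seen from R1, the function names are hypothetical, and the loopback cost of 1 is an assumption inferred from the [110/66] metric shown earlier.

```python
import heapq

REF_BW = 100_000_000  # reference bandwidth (bps) quoted in the note above


def ospf_cost(bandwidth_bps):
    """Interface cost = reference bandwidth / interface bandwidth (integer, minimum 1)."""
    return max(1, REF_BW // bandwidth_bps)


def spf(edges, root):
    """Dijkstra over directed {(from, to): cost}; keeps every equal-cost first hop.

    Returns {node: (total_cost, set_of_first_hops_from_root)}.
    """
    adj = {}
    for (a, b), cost in edges.items():
        adj.setdefault(a, []).append((b, cost))
    best = {root: (0, set())}
    heap = [(0, root)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue  # stale heap entry
        for nxt, cost in adj.get(node, []):
            hops = {nxt} if node == root else best[node][1]
            cand = dist + cost
            if nxt not in best or cand < best[nxt][0]:
                best[nxt] = (cand, set(hops))
                heapq.heappush(heap, (cand, nxt))
            elif cand == best[nxt][0]:
                best[nxt][1].update(hops)  # equal-cost path: keep both first hops
    return best


def lab17_edges(r1_to_r2, r1_to_r3):
    """Constructed model of the Lab 17 topology, rooted at R1.

    Only the cost of the outgoing interface is added at each hop, which is why
    the spokes' own frame-relay cost (and their CIR) never appears here.
    """
    fe = ospf_cost(100_000_000)  # FastEthernet -> 1
    loopback = 1                 # assumption: loopback cost 1, consistent with [110/66]
    return {
        ("R1", "R2"): r1_to_r2,
        ("R1", "R3"): r1_to_r3,
        ("R2", "10.1.234.0/24"): fe,
        ("R3", "10.1.234.0/24"): fe,
        ("R2", "R4"): fe,
        ("R3", "R4"): fe,
        ("R4", "4.0.0.0/8"): loopback,
    }


def r1_route(edges, prefix):
    """(metric, sorted next-hop routers) that R1 would install for prefix."""
    cost, hops = spf(edges, "R1")[prefix]
    return cost, sorted(hops)


def without_router(edges, router):
    """Drop every link touching router, simulating that router being down."""
    return {link: cost for link, cost in edges.items() if router not in link}


serial = ospf_cost(1_544_000)            # 64: one cost for the whole S0/0 interface
broadcast = lab17_edges(serial, serial)  # Task 1: same cost toward R2 and R3
per_neighbor = lab17_edges(1, 2)         # Task 2: "neighbor ... cost 1" and "cost 2"

if __name__ == "__main__":
    print("Task 1, 4.0.0.0/8:", r1_route(broadcast, "4.0.0.0/8"))
    print("Task 2, 4.0.0.0/8:", r1_route(per_neighbor, "4.0.0.0/8"))
    print("Task 2, R2 down  :", r1_route(without_router(per_neighbor, "R2"), "4.0.0.0/8"))
```

With one interface-wide cost R1 sees two equal paths; with per-neighbor costs R2 wins, and R3 is used only when R2 is removed from the graph.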






Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 18 
OSPF and NBMA 




Lab Setup: 

> R1 should be configured with three sub-interfaces; the first sub-interface should
be configured in a point-to-point manner connecting R1 to R2. R2 should not use
a sub-interface for this connection.

> The second and the third sub-interface of R1 should be configured in a multipoint
manner, one connecting R1 to R3 and the other one connecting R1 to R4.

> R3 should be configured in a point-to-point manner.

> R4 should NOT use a sub-interface for its connection to R1.






IP Addressing:

Router    Interface    IP address       Area
R1        Lo0          1.1.1.1/8        Area 0
          S0/0.12      10.1.12.1/24     Area 2
          S0/0.13      10.1.13.1/24     Area 3
          S0/0.14      10.1.14.1/24     Area 4
R2        Lo0          2.2.2.2/8        Area 2
          S0/0         10.1.12.2/24     Area 2
R3        Lo0          3.3.3.3/8        Area 3
          S0/0.31      10.1.13.3/24     Area 3
R4        Lo0          4.4.4.4/8        Area 4
          S0/0         10.1.14.4/24     Area 4



Task 1 



R1 should be the DR in all cases, if one is required.

Configure OSPF on all routers and advertise their directly connected networks in their
assigned area identified in the IP addressing chart.

On R1

R1(config)#router ospf 1
R1(config-router)#netw 10.1.12.1 0.0.0.0 are 2
R1(config-router)#netw 10.1.13.1 0.0.0.0 are 3
R1(config-router)#netw 10.1.14.1 0.0.0.0 are 4
R1(config-router)#netw 1.1.1.1 0.0.0.0 are 0

On R2

R2(config)#router ospf 1
R2(config-router)#netw 0.0.0.0 0.0.0.0 area 2

On R3

R3(config)#router ospf 1
R3(config-router)#netw 0.0.0.0 0.0.0.0 area 3

On R4 






R4(config-if)#router ospf 1
R4(config-router)#netw 0.0.0.0 0.0.0.0 area 4



Task 2 

Ensure that when the routers in area 2 attempt to establish a neighbor adjacency they are
successful (FULL STATE), but no routes are exchanged. DO NOT configure R2 to
accomplish this task.

On R1

R1(config)#int S0/0.12
R1(config-subif)#ip ospf network point-to-multipoint non-broadcast
R1(config)#router ospf 1
R1(config-router)#neighbor 10.1.12.2

To verify the configuration:

On R1

R1#Show ip ospf neighbor

Neighbor ID     Pri   State      Dead Time   Address      Interface
2.2.2.2           0   FULL/  -   00:01:49    10.1.12.2    Serial0/0.12
3.3.3.3           0   FULL/  -   00:00:38    10.1.13.3    Serial0/0.13

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0






C 10.1.14.0 is directly connected, Serial0/0.14
C 10.1.12.0 is directly connected, Serial0/0.12
C 10.1.13.0 is directly connected, Serial0/0.13

Note the two routers are in Full state but they have not exchanged routes. This can
also be accomplished with "point-to-multipoint" network type.













Task 3 

Ensure that the routers in area 2 can establish an OSPF neighbor adjacency. R2 should 
not be configured at all to accomplish this task. 



On R1

R1(config)#int S0/0.12
R1(config-subif)#ip ospf network non-broadcast
R1(config-subif)#ip ospf priority 255
R1(config)#router ospf 1
R1(config-router)#neighbor 10.1.12.2

Note the "ip ospf priority" command is required to make R1 the DR. When frame-relay
is configured directly under the physical interface (Multipoint), the OSPF
network type will default to non-broadcast. In this task the network type of R1's
interface S0/0.12 is also changed to non-broadcast to match R2's network type. In
non-broadcast networks the "neighbor" command in router config mode must be
configured so the OSPF hello packets are exchanged via Unicast.

To verify the configuration:

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route






       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:00:08, Serial0/0.12
10.1.0.0/24 is subnetted, 3 subnets
C 10.1.14.0 is directly connected, Serial0/0.14
C 10.1.12.0 is directly connected, Serial0/0.12
C 10.1.13.0 is directly connected, Serial0/0.13
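
The outcomes of Lab 17 Task 2 and Lab 18 Tasks 2 and 3 follow from two per-network-type properties: the default hello/dead timers and whether a DR is elected. The checker below is an added example, not workbook code; its names are hypothetical, it uses the Cisco IOS default timers, and it assumes everything else (area, subnet, authentication) already matches.

```python
from dataclasses import dataclass
from typing import Optional

# Cisco IOS defaults per OSPF network type:
# (hello, dead, elects a DR, hellos are unicast so "neighbor" is required)
NETWORK_TYPES = {
    "broadcast":                         (10, 40, True, False),
    "non-broadcast":                     (30, 120, True, True),
    "point-to-point":                    (10, 40, False, False),
    "point-to-multipoint":               (30, 120, False, False),
    "point-to-multipoint non-broadcast": (30, 120, False, True),
}


@dataclass
class OspfInterface:
    router: str
    network_type: str
    hello_interval: Optional[int] = None  # "ip ospf hello-interval N", if configured

    @property
    def timers(self):
        hello, dead, _, _ = NETWORK_TYPES[self.network_type]
        if self.hello_interval is not None:
            # IOS derives dead = 4 x hello unless the dead interval is set explicitly
            hello, dead = self.hello_interval, 4 * self.hello_interval
        return hello, dead

    @property
    def elects_dr(self):
        return NETWORK_TYPES[self.network_type][2]

    @property
    def needs_neighbor_statement(self):
        return NETWORK_TYPES[self.network_type][3]


def assess(a, b):
    """Predict the result for two interfaces sharing a segment.

    Returns (adjacency_forms, routes_exchanged, reason).
    """
    if a.timers != b.timers:
        return (False, False,
                f"hello/dead mismatch: {a.router}={a.timers} {b.router}={b.timers}")
    if a.elects_dr != b.elects_dr:
        return (True, False,
                "FULL, but one side describes the link with a DR and the other does not")
    return (True, True, "compatible")


P2MP_NB = "point-to-multipoint non-broadcast"

# Constructed scenarios mirroring the tasks above
SCENARIOS = {
    "lab17-task2": (OspfInterface("R1", P2MP_NB, hello_interval=10),
                    OspfInterface("R2", "point-to-point")),
    "lab17-task2-default-timers": (OspfInterface("R1", P2MP_NB),
                                   OspfInterface("R2", "point-to-point")),
    "lab18-task2": (OspfInterface("R1", P2MP_NB),
                    OspfInterface("R2", "non-broadcast")),
    "lab18-task3": (OspfInterface("R1", "non-broadcast"),
                    OspfInterface("R2", "non-broadcast")),
    "broadcast-vs-non-broadcast": (OspfInterface("A", "broadcast"),
                                   OspfInterface("B", "non-broadcast", hello_interval=10)),
}

if __name__ == "__main__":
    for name, (a, b) in SCENARIOS.items():
        print(f"{name:28} {assess(a, b)}")
```

Run against exported interface settings, the same check flags pairs that will sit in FULL state without usable routes, which a neighbor table alone does not reveal.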



Task 4 

Area 3 should be configured in a point-to-point network type, only one of the routers 
should be changed to accomplish this task. 



On R1

R1(config)#int S0/0.13
R1(config-subif)#ip ospf net point-to-point

In the earlier IOS releases when an interface was changed from "non-broadcast" to
"point-to-point" we had to change the hello interval as well, because if the hello
intervals did not match, the routers did not form neighbor adjacency. In the latest
IOS releases the hello intervals automatically change when the network type is
changed.

To verify the configuration:

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route














Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:04:11, Serial0/0.12
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.1.13.3, 00:01:26, Serial0/0.13
10.1.0.0/24 is subnetted, 3 subnets
C 10.1.14.0 is directly connected, Serial0/0.14
C 10.1.12.0 is directly connected, Serial0/0.12
C 10.1.13.0 is directly connected, Serial0/0.13






Task 5

Area 4 should be configured with a totally different network type than task 2, 3 and 4.
DO NOT use point-to-multipoint to accomplish this task.

On R1

R1(config)#int S0/0.14
R1(config-subif)#ip ospf net broadcast
R1(config-subif)#ip ospf priority 255

On R4

R4(config-if)#int S0/0
R4(config-if)#ip ospf net broadcast

To verify the configuration:

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route















       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 10.1.12.2, 00:10:54, Serial0/0.12
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 10.1.13.3, 00:08:08, Serial0/0.13
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 10.1.14.4, 00:00:01, Serial0/0.14
10.1.0.0/24 is subnetted, 3 subnets
C 10.1.14.0 is directly connected, Serial0/0.14
C 10.1.12.0 is directly connected, Serial0/0.12
C 10.1.13.0 is directly connected, Serial0/0.13






Task 6

Remove the priority command from R1's S0/0.12 and set the network type to "point-to-
multipoint non-broadcast". Ensure that these routers exchange routes. Do NOT change
the network type to accomplish this task.

On R1

R1(config)#int S0/0.12
R1(config-subif)#NO ip ospf priority 255
R1(config-subif)#ip ospf network point-to-multipoint non-broadcast

R1(config)#Interface Tunnel 1
R1(config-if)#ip address 200.1.12.1 255.255.255.0
R1(config-if)#tunnel source 10.1.12.1
R1(config-if)#tunnel destination 10.1.12.2

R1(config-if)#router ospf 1
R1(config-router)#NO netw 10.1.12.1 0.0.0.0 area 2
R1(config-router)#netw 200.1.12.1 0.0.0.0 area 0

The reason to remove the network 10.1.12.0 from OSPF is to prevent recursive
loops.

On R2 







R2(config)#Interface Tunnel 1
R2(config-if)#ip address 200.1.12.2 255.255.255.0
R2(config-if)#tunnel source 10.1.12.2
R2(config-if)#tunnel destination 10.1.12.1

R2(config-if)#router ospf 1
R2(config-router)#NO netw 0.0.0.0 0.0.0.0 area 2
R2(config-router)#netw 200.1.12.2 0.0.0.0 area 0
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 2

Note on R2 we must remove the earlier network statement (0.0.0.0 0.0.0.0 area 2) or
else all the interfaces will be advertised in area 2 and this is not the desired
behavior. Lastly we must advertise network 2.0.0.0 in area 2.

To verify the configuration:

On R2

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O 1.0.0.0/8 [110/11112] via 200.1.12.1, 00:00:11, Tunnel1
C 2.0.0.0/8 is directly connected, Loopback0
O IA 3.0.0.0/8 [110/11176] via 200.1.12.1, 00:00:05, Tunnel1
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/11176] via 200.1.12.1, 00:00:11, Tunnel1
C 200.1.12.0/24 is directly connected, Tunnel1
10.1.0.0/24 is subnetted, 3 subnets
O IA 10.1.14.0 [110/11175] via 200.1.12.1, 00:00:11, Tunnel1
C 10.1.12.0 is directly connected, Serial0/0
O IA 10.1.13.0 [110/11175] via 200.1.12.1, 00:00:12, Tunnel1

Note the reason network 1.0.0.0 shows up as an Intra-area route is because R2 has
an interface in area 0 and network 1.0.0.0 is from area 0.






On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 1.0.0.0/8 is directly connected, Loopback0
O IA 2.0.0.0/8 [110/11112] via 200.1.12.2, 00:02:33, Tunnel1
O 3.0.0.0/8 [110/65] via 10.1.13.3, 00:02:43, Serial0/0.13
O 4.0.0.0/8 [110/65] via 10.1.14.4, 00:02:33, Serial0/0.14
C 200.1.12.0/24 is directly connected, Tunnel1
10.1.0.0/24 is subnetted, 3 subnets
C 10.1.14.0 is directly connected, Serial0/0.14
C 10.1.12.0 is directly connected, Serial0/0.12
C 10.1.13.0 is directly connected, Serial0/0.13

The reason network 2.0.0.0 shows up as an Inter-area route is because the local
router (R1) does not have an interface in area 2.

Task 7

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 19
Forward Address Suppression

[Figure: lab topology diagram showing Area 0 and Area 1]






Lab Setup: 

> Every frame-relay connection should be configured in a Point-to-Point manner.

> Use the IP addressing scheme below for IP address assignment.

> Configure the F0/0 interface of R1 and R2 in VLAN 12 and the F0/1 interface of
R2 and R3 in VLAN 23; F0/0 interface of R4, R5 and R6 should be configured in
VLAN 4, 5 and 6 respectively.

IP addressing:

Router    Interface / IP address       DLCI    Connecting to
R1        S0/0.12 = 200.1.12.1/24      102     R2
          Lo0 = 1.1.1.1/8
R2        F0/0 = 200.1.12.2/24                 R1
          F0/1 = 200.1.23.2/24                 R3
          Lo0 = 2.2.2.2/8
R3        F0 = 200.1.23.3/24                   R2
          S0/0.34 = 200.1.34.3/24      304     R4
          S0/0.35 = 200.1.35.3/24      305     R5
          S0/0.36 = 200.1.36.3/24      306     R6
          Lo0 = 3.3.3.3/8
R4        S0/0.43 = 200.1.34.4/24      403     R3
          F0/0 = 4.4.4.4/8
R5        S0/0.53 = 200.1.35.5/24      503     R3
          F0/0 = 5.5.5.5/8
R6        S0/0.63 = 200.1.36.6/24      603     R3
          F0/0 = 6.6.6.6/8



Task 1

Configure OSPF Area 0 on R1 and R2 and advertise their directly connected interfaces in
this Area.

On R1 and R2

(config)#router ospf 1
(config-router)#netw 0.0.0.0 0.0.0.0 area 0

To verify the configuration:






On R1

R1#Sh ip route ospf

2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 200.1.12.2, 00:00:01, Serial0/0.12
O 200.1.23.0/24 [110/128] via 200.1.12.2, 00:00:01, Serial0/0.12

Task 2

Configure R3's Loopback interface and its frame-relay connection to R4, R5 and R6 in
Area 1, and its Frame-relay connection to R2 in Area 0.

On R3

R3(config)#router ospf 1
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 1
R3(config-router)#netw 200.1.34.3 0.0.0.0 area 1
R3(config-router)#netw 200.1.35.3 0.0.0.0 area 1
R3(config-router)#netw 200.1.36.3 0.0.0.0 area 1
R3(config-router)#netw 200.1.23.3 0.0.0.0 area 0

To verify the configuration:

On R3

R3#Sh ip route ospf

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/846] via 200.1.23.2, 00:00:58, Serial0/1.32
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/782] via 200.1.23.2, 00:00:58, Serial0/1.32
O 200.1.12.0/24 [110/845] via 200.1.23.2, 00:00:58, Serial0/1.32

On R1

R1#Sh ip route ospf

2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 200.1.12.2, 00:02:05, Serial0/0.12






O IA 200.1.36.0/24 [110/909] via 200.1.12.2, 00:02:05, Serial0/0.12
O 200.1.23.0/24 [110/128] via 200.1.12.2, 00:02:05, Serial0/0.12
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/129] via 200.1.12.2, 00:02:05, Serial0/0.12
O IA 200.1.34.0/24 [110/909] via 200.1.12.2, 00:02:05, Serial0/0.12
O IA 200.1.35.0/24 [110/909] via 200.1.12.2, 00:02:05, Serial0/0.12

Task 3

Configure the Frame-relay connection of R4, R5 and R6 to R3 in Area 1. These routers
should redistribute their F0/0 interface in OSPF routing protocol. You should NOT use an
access-list or a prefix-list to accomplish this task.

On R4

R4(config)#router ospf 1
R4(config-router)#netw 200.1.34.4 0.0.0.0 area 1

On R5

R5(config)#router ospf 1
R5(config-router)#netw 200.1.35.5 0.0.0.0 area 1

On R6

R6(config)#router ospf 1
R6(config-router)#netw 200.1.36.6 0.0.0.0 area 1

On R4, R5 and R6

(config)#route-map TST permit 10
(config-route-map)#match interface F0/0

(config)#router ospf 1
(config-router)#redistribute connected route-map TST subnets

To verify the configuration:

On R1














R1#Sh ip route ospf

2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 200.1.12.2, 00:12:37, Serial0/0.12
O IA 200.1.36.0/24 [110/909] via 200.1.12.2, 00:12:37, Serial0/0.12
O 200.1.23.0/24 [110/128] via 200.1.12.2, 00:12:37, Serial0/0.12
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/129] via 200.1.12.2, 00:12:37, Serial0/0.12
O E2 4.0.0.0/8 [110/20] via 200.1.12.2, 00:03:39, Serial0/0.12
O IA 200.1.34.0/24 [110/909] via 200.1.12.2, 00:12:37, Serial0/0.12
O E2 5.0.0.0/8 [110/20] via 200.1.12.2, 00:00:14, Serial0/0.12
O IA 200.1.35.0/24 [110/909] via 200.1.12.2, 00:12:37, Serial0/0.12
O E2 6.0.0.0/8 [110/20] via 200.1.12.2, 00:01:29, Serial0/0.12

Task 4

Configure Area 1 as an NSSA.

On R3, R4, R5 and R6

(config)#router ospf 1
(config-router)#area 1 nssa

To verify the configuration:

On R3

R3#Sh ip route ospf

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/846] via 200.1.23.2, 00:01:30, Serial0/1.32
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/782] via 200.1.23.2, 00:01:30, Serial0/1.32
O N2 4.0.0.0/8 [110/20] via 200.1.34.4, 00:00:35, Serial0/1.34
O N2 5.0.0.0/8 [110/20] via 200.1.35.5, 00:00:35, Serial0/1.35
O N2 6.0.0.0/8 [110/20] via 200.1.36.6, 00:00:35, Serial0/1.36
O 200.1.12.0/24 [110/845] via 200.1.23.2, 00:01:30, Serial0/1.32

On R1

R1#Sh ip route ospf







2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 200.1.12.2, 00:02:37, Serial0/0.12
O IA 200.1.36.0/24 [110/909] via 200.1.12.2, 00:02:37, Serial0/0.12
O 200.1.23.0/24 [110/128] via 200.1.12.2, 00:02:37, Serial0/0.12
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/129] via 200.1.12.2, 00:02:37, Serial0/0.12
O E2 4.0.0.0/8 [110/20] via 200.1.12.2, 00:02:01, Serial0/0.12
O IA 200.1.34.0/24 [110/909] via 200.1.12.2, 00:02:37, Serial0/0.12
O E2 5.0.0.0/8 [110/20] via 200.1.12.2, 00:01:51, Serial0/0.12
O IA 200.1.35.0/24 [110/909] via 200.1.12.2, 00:02:37, Serial0/0.12
O E2 6.0.0.0/8 [110/20] via 200.1.12.2, 00:01:41, Serial0/0.12

On R2

R2#Sh ip route ospf

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 200.1.12.1, 00:04:01, Serial0/0.21
O IA 200.1.36.0/24 [110/845] via 200.1.23.3, 00:04:01, Serial0/0.23
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/65] via 200.1.23.3, 00:04:01, Serial0/0.23
O E2 4.0.0.0/8 [110/20] via 200.1.23.3, 00:03:25, Serial0/0.23
O IA 200.1.34.0/24 [110/845] via 200.1.23.3, 00:04:01, Serial0/0.23
O E2 5.0.0.0/8 [110/20] via 200.1.23.3, 00:03:15, Serial0/0.23
O IA 200.1.35.0/24 [110/845] via 200.1.23.3, 00:04:01, Serial0/0.23
O E2 6.0.0.0/8 [110/20] via 200.1.23.3, 00:03:05, Serial0/0.23

Task 5

Configure R3 to filter the following networks:
200.1.34.0/24, 200.1.35.0/24 and 200.1.36.0/24

On R3

R3(config)#router ospf 1
R3(config-router)#area 1 range 200.1.34.0 255.255.255.0 not-advertise
R3(config-router)#area 1 range 200.1.35.0 255.255.255.0 not-advertise
R3(config-router)#area 1 range 200.1.36.0 255.255.255.0 not-advertise

To verify the configuration:














On R2

R2#Sh ip route ospf

1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 200.1.12.1, 00:01:47, Serial0/0.21
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/65] via 200.1.23.3, 00:01:47, Serial0/0.23

On R1

R1#Sh ip route ospf

2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 200.1.12.2, 00:03:02, Serial0/0.12
O 200.1.23.0/24 [110/128] via 200.1.12.2, 00:03:02, Serial0/0.12
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/129] via 200.1.12.2, 00:03:02, Serial0/0.12

Note the routers in Area 0 no longer have reachability to the prefixes from Area 1.

Task 6

Configure R3 such that the routers in Area 0 can reach the networks that were
redistributed in step 3. Use minimum number of commands to accomplish this task; you
should NOT use any global config commands as part of the solution to this task. DO
NOT remove the commands from the previous step.

On R3

R3(config)#router ospf 1
R3(config-router)#area 1 nssa translate type7 suppress-fa

To verify the configuration:

On R2

R2#Sh ip route ospf

1.0.0.0/32 is subnetted, 1 subnets







l.l.l.l [110/65] via 200.1. 12. 1, 00:07:29, ScrialO'O 21 

3.0.0.0. 32 is subncttcd, I subnets 
1A 3.3.3.3 [110/65] via 200. 1.23.3, 00:07:29, ScrialO/0.23 
() E2 4.0.0.0/8 1110/201 via 200.1.23.3, 00:00:41, SerialO/0.23 
O E2 5.0.0.0/8 1110/20] via 200.1.23.3, 00:00:41, SerialO/0.23 
O E2 6.0.0.0/8 |110/20] via 200.1.23.3, 00:00:41, SerialO/0.23 

On Rl 

RlrrShow ip route ospt' 

2.0.0.0/32 is subncttcd, 1 subnets 
2.222 [110. 65] via 200. 1.12.2, 00:08:03, ScrialO/0. 12 
200. 1.23.024 [110/128] via 200. 1.122, 00:08:03, ScrialO'O. 12 

3.0.0.0.32 is subncttcd, 1 subnets 
Q1A 3. 3.3.3 [110/ 129] via 200. 1.122, 00:08:03, ScrialO'O. 12 
() E2 4.0.0.0/8 |110/20] via 200.1.12.2, 00:01:15, SerialO/0.12 
O E2 5.0.0.0/8 |110/201 via 200.1.12.2, 00:01: 15, SerialO/0.12 
O E2 6.0.0.0/8 (110/201 via 200.1.12.2, 00:01:15, SerialO/0.12 

To test the configuration: 

On R1

R1#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

R1#Ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/171/173 ms

R1#Ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/170/173 ms



The OSPF Forwarding Address Suppression in Translated Type-5 LSAs feature
causes an NSSA ABR to translate Type-7 LSAs to Type-5 LSAs, but use
0.0.0.0 as the forwarding address instead of that specified in the Type-7 LSA.
Note if the "Area 1 nssa translate type7 suppress-fa" command and the filters were
removed, this will be the output of the "Show ip ospf data external 4.0.0.0":

R1#Sh ip ospf data external 4.0.0.0

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 7
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 4.0.0.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0xF5A8
  Length: 36
  Network Mask: /8
        Metric Type: 2 (Larger than any link state path)
        TOS:
        Metric: 20
        Forward Address: 200.1.34.4
        External Route Tag:

Advertising Router: this is the router that advertised the network to the local router.
Forward Address: note the address is not suppressed. Basically the IP address of the
router that originated the route.

After the filters are applied and the "Area 1 nssa translate type7 suppress-fa"
command is configured, the output of the "Show ip ospf da ext 4.0.0.0" will be
changed as follows:

R1#Sh ip ospf data external 4.0.0.0

            OSPF Router with ID (1.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  Routing Bit Set on this LSA
  LS age: 293
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 4.0.0.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0x5738
  Length: 36
  Network Mask: /8
        Metric Type: 2 (Larger than any link state path)
        TOS:
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag:

Advertising Router: note the advertising router is still in the DB.
Forward Address: the IP address of the router that originated the route is suppressed.



Because the IP addresses of the routers that originated the routes are suppressed,
Area 0 routers no longer need to maintain extra prefixes in their routing table.

On R2

R2#Sh ip route ospf

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 200.1.12.1, 00:07:29, Serial0/0.21
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 200.1.23.3, 00:07:29, Serial0/0.23
O E2 4.0.0.0/8 [110/20] via 200.1.23.3, 00:00:41, Serial0/0.23
O E2 5.0.0.0/8 [110/20] via 200.1.23.3, 00:00:41, Serial0/0.23
O E2 6.0.0.0/8 [110/20] via 200.1.23.3, 00:00:41, Serial0/0.23

On R1

R1#Show ip route ospf

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/65] via 200.1.12.2, 00:08:03, Serial0/0.12
O    200.1.23.0/24 [110/128] via 200.1.12.2, 00:08:03, Serial0/0.12
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/129] via 200.1.12.2, 00:08:03, Serial0/0.12
O E2 4.0.0.0/8 [110/20] via 200.1.12.2, 00:01:15, Serial0/0.12
O E2 5.0.0.0/8 [110/20] via 200.1.12.2, 00:01:15, Serial0/0.12
O E2 6.0.0.0/8 [110/20] via 200.1.12.2, 00:01:15, Serial0/0.12

Note the backbone routers no longer need to maintain the extra prefixes for the
links, but they have full reachability to the prefixes that were redistributed.
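
The forwarding-address behaviour described above can be modelled in a few lines. This is an added illustration, not code from the workbook: R1's internal routes and the 4.0.0.0/8 LSA values are taken from the outputs above, while the 200.1.34.0/24 link prefix and all function names are assumptions.

```python
import ipaddress


def translate_type7(lsa7, abr_router_id, suppress_fa=False):
    """NSSA ABR: build the Type-5 LSA flooded into the backbone from a Type-7 LSA."""
    return {
        "prefix": lsa7["prefix"],
        "metric": lsa7["metric"],
        "advertising_router": abr_router_id,  # the translating ABR originates the Type-5
        "forward_address": "0.0.0.0" if suppress_fa else lsa7["forward_address"],
    }


def lookup_internal(routes, address):
    """Longest-prefix match over intra-area and inter-area OSPF routes only."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def external_next_hop(lsa5, internal_routes, asbr_paths):
    """Next hop a router installs for the external prefix, or None if the LSA is unusable."""
    fa = lsa5["forward_address"]
    if fa == "0.0.0.0":
        # No forwarding address: forward toward the advertising router itself.
        return asbr_paths.get(lsa5["advertising_router"])
    # Non-zero forwarding address: it must resolve through an internal OSPF route,
    # otherwise the external route is not installed.
    return lookup_internal(internal_routes, fa)


# Type-7 LSA for 4.0.0.0/8 as seen before translation (values from the LSA output above).
TYPE7_4 = {"prefix": "4.0.0.0/8", "metric": 20, "forward_address": "200.1.34.4"}

# R1's intra-/inter-area routes after the filters, from "Sh ip route ospf" on R1.
R1_INTERNAL_FILTERED = {
    "2.2.2.2/32": "200.1.12.2",
    "200.1.23.0/24": "200.1.12.2",
    "3.3.3.3/32": "200.1.12.2",
}
# Assumption: before the filters R1 also held the Area 1 link prefix covering the FA.
R1_INTERNAL_UNFILTERED = {**R1_INTERNAL_FILTERED, "200.1.34.0/24": "200.1.12.2"}
# R1 reaches the advertising router 3.3.3.3 through R2.
R1_ASBR_PATHS = {"3.3.3.3": "200.1.12.2"}


def scenarios():
    """Evaluate the three situations the lab walks through, from R1's point of view."""
    kept = translate_type7(TYPE7_4, "3.3.3.3")
    suppressed = translate_type7(TYPE7_4, "3.3.3.3", suppress_fa=True)
    return {
        "unfiltered, FA kept": external_next_hop(kept, R1_INTERNAL_UNFILTERED, R1_ASBR_PATHS),
        "filtered, FA kept": external_next_hop(kept, R1_INTERNAL_FILTERED, R1_ASBR_PATHS),
        "filtered, suppress-fa": external_next_hop(suppressed, R1_INTERNAL_FILTERED, R1_ASBR_PATHS),
    }


if __name__ == "__main__":
    for name, next_hop in scenarios().items():
        print(f"{name:24} -> {next_hop or 'not installed'}")
```

Only the middle case leaves 4.0.0.0/8 out of the table, which is the loss of reachability the lab shows before suppress-fa is configured.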



Task 7

Erase the startup config and reload the routers before proceeding to the next lab.

Lab 20 - OSPF NSSA no-redistribution & injection of default routes

[Topology diagram: Area 2 (10.1.35.0/24, S0/0.53, Lo0) and Area 1 (10.1.34.0/24, S0/0.43, Lo0)]



Lab Setup:

> Configure all frame-relay connections in a point-to-point manner.

> Use the IP addressing and DLCI chart below.

IP addressing:

Router   Interface / IP address        DLCI assignment
R1       F0/0      = 10.1.12.1/24
         Loopback0 = 1.1.1.1/8
R2       F0/0      = 10.1.12.2/24
         F0/1      = 10.1.23.2/24
         Loopback0 = 2.2.2.2/8
R3       F0/1      = 10.1.23.3/24
         S0/0.34   = 10.1.34.3/24      304
         S0/0.35   = 10.1.35.3/24      305
         Loopback0 = 3.3.3.3/8
         Loopback1 = 33.3.3.3/8
R4       S0/0.43   = 10.1.34.4/24      403
         Loopback0 = 4.4.4.4/8
R5       S0/0.53   = 10.1.35.5/24      503
         Loopback0 = 5.5.5.5/8





Task 1

Configure OSPF on the routers based on the following chart:

Router   Interface / Area
R1       S0/0.12   / Area 0
         Loopback0 / Area 0
R2       S0/0.21   / Area 0
         S0/0.23   / Area 0
         Loopback0 / Area 0
R3       S0/0.32   / Area 0
         S0/0.34   / Area 1
         S0/0.35   / Area 2
R4       S0/0.43   / Area 1
         Loopback0 / Area 1
R5       S0/0.53   / Area 2
         Loopback0 / Area 2



On R1

R1(config-if)#router ospf 1
R1(config-router)#netw 1.1.1.1 0.0.0.0 are 0
R1(config-router)#netw 10.1.12.1 0.0.0.0 are 0

On R2

R2(config)#router ospf 1
R2(config-router)#netw 2.2.2.2 0.0.0.0 are 0
R2(config-router)#netw 10.1.12.2 0.0.0.0 are 0
R2(config-router)#netw 10.1.23.2 0.0.0.0 are 0

On R3

R3(config)#router ospf 1
R3(config-router)#netw 10.1.23.3 0.0.0.0 area 0
R3(config-router)#netw 10.1.34.3 0.0.0.0 area 1
R3(config-router)#netw 10.1.35.3 0.0.0.0 area 2

On R4

R4(config)#router ospf 1
R4(config-router)#netw 10.1.34.4 0.0.0.0 area 1
R4(config-router)#netw 4.4.4.4 0.0.0.0 area 1

On R5

R5(config)#router ospf 1
R5(config-router)#netw 5.5.5.5 0.0.0.0 area 2
R5(config-router)#netw 10.1.35.5 0.0.0.0 area 2



To verify the configuration:

On R1

R1#Show ip route ospf | Inc O

O       2.2.2.2 [110/65] via 10.1.12.2, 00:05:31, Serial0/0.12
O IA    4.4.4.4 [110/193] via 10.1.12.2, 00:03:49, Serial0/0.12
O IA    5.5.5.5 [110/193] via 10.1.12.2, 00:02:31, Serial0/0.12
O       10.1.23.0 [110/128] via 10.1.12.2, 00:05:31, Serial0/0.12
O IA    10.1.35.0 [110/192] via 10.1.12.2, 00:05:21, Serial0/0.12
O IA    10.1.34.0 [110/192] via 10.1.12.2, 00:05:31, Serial0/0.12

On R2

R2#Show ip route ospf | Inc O

O       1.1.1.1 [110/65] via 10.1.12.1, 00:06:22, Serial0/0.21
O IA    4.4.4.4 [110/129] via 10.1.23.3, 00:04:40, Serial0/0.23
O IA    5.5.5.5 [110/129] via 10.1.23.3, 00:03:22, Serial0/0.23
O IA    10.1.35.0 [110/128] via 10.1.23.3, 00:06:12, Serial0/0.23
O IA    10.1.34.0 [110/128] via 10.1.23.3, 00:06:22, Serial0/0.23

On R3

R3#Show ip route ospf | Inc O

O       1.1.1.1 [110/129] via 10.1.23.2, 00:07:00, Serial0/0.32
O       2.2.2.2 [110/65] via 10.1.23.2, 00:07:00, Serial0/0.32
O       4.4.4.4 [110/65] via 10.1.34.4, 00:05:28, Serial0/0.34
O       5.5.5.5 [110/65] via 10.1.35.5, 00:04:10, Serial0/0.35
O       10.1.12.0 [110/128] via 10.1.23.2, 00:07:00, Serial0/0.32

On R4

R4#Show ip route ospf | Inc O

O IA    1.1.1.1 [110/193] via 10.1.34.3, 00:06:18, Serial0/0.43
O IA    2.2.2.2 [110/129] via 10.1.34.3, 00:06:18, Serial0/0.43
O IA    5.5.5.5 [110/129] via 10.1.34.3, 00:05:00, Serial0/0.43
O IA    10.1.12.0 [110/192] via 10.1.34.3, 00:06:18, Serial0/0.43
O IA    10.1.23.0 [110/128] via 10.1.34.3, 00:06:18, Serial0/0.43
O IA    10.1.35.0 [110/128] via 10.1.34.3, 00:06:18, Serial0/0.43

On R5

R5#Show ip route ospf | Inc O

O IA    1.1.1.1 [110/193] via 10.1.35.3, 00:06:02, Serial0/0.53
O IA    2.2.2.2 [110/129] via 10.1.35.3, 00:06:02, Serial0/0.53
O IA    4.4.4.4 [110/129] via 10.1.35.3, 00:06:02, Serial0/0.53
O IA    10.1.12.0 [110/192] via 10.1.35.3, 00:06:02, Serial0/0.53
O IA    10.1.23.0 [110/128] via 10.1.35.3, 00:06:02, Serial0/0.53
O IA    10.1.34.0 [110/128] via 10.1.35.3, 00:06:02, Serial0/0.53



Task 2

Configure R3 to redistribute its Loopback 0 and 1 interfaces into this OSPF routing
domain.

On R3

R3(config)#route-map TST permit 10
R3(config-route-map)#match interface lo0 lo1

R3(config)#router ospf 1
R3(config-router)#redistribute connected subnets route-map TST

To verify the configuration:

On R1

R1#Show ip route ospf | Inc E2

O E2 33.0.0.0/8 [110/20] via 10.1.12.2, 00:01:10, Serial0/0.12
O E2 3.0.0.0/8 [110/20] via 10.1.12.2, 00:01:10, Serial0/0.12

On R5

R5#Show ip route ospf | Inc E2

O E2 33.0.0.0/8 [110/20] via 10.1.35.3, 00:02:09, Serial0/0.53
O E2 3.0.0.0/8 [110/20] via 10.1.35.3, 00:02:09, Serial0/0.53



Task 3

Configure area 1 and area 2 as NSSA. R3 should be configured such that the routers in
these two areas get a default route; this default route should be injected as an external
route.

On R3

R3(config)#Router ospf 1
R3(config-router)#area 1 nssa default-information-originate
R3(config-router)#area 2 nssa default-information-originate

On R4

R4(config)#router ospf 1
R4(config-router)#area 1 nssa

On R5

R5(config)#router ospf 1
R5(config-router)#area 2 nssa

To verify the configuration:

On R4

R4#Show ip route ospf | Inc O

O IA    1.1.1.1 [110/193] via 10.1.34.3, 00:05:05, Serial0/0.43
O IA    2.2.2.2 [110/129] via 10.1.34.3, 00:05:05, Serial0/0.43
O N2 33.0.0.0/8 [110/20] via 10.1.34.3, 00:04:55, Serial0/0.43
O N2 3.0.0.0/8 [110/20] via 10.1.34.3, 00:04:55, Serial0/0.43
O IA    5.5.5.5 [110/129] via 10.1.34.3, 00:05:01, Serial0/0.43
O IA    10.1.12.0 [110/192] via 10.1.34.3, 00:05:05, Serial0/0.43
O IA    10.1.23.0 [110/128] via 10.1.34.3, 00:05:05, Serial0/0.43
O IA    10.1.35.0 [110/128] via 10.1.34.3, 00:05:05, Serial0/0.43
O*N2 0.0.0.0/0 [110/1] via 10.1.34.3, 00:04:55, Serial0/0.43

Note the default route is injected as an external route.

On R5

R5#Show ip route ospf | Inc O

O IA    1.1.1.1 [110/193] via 10.1.35.3, 00:07:14, Serial0/0.53
O IA    2.2.2.2 [110/129] via 10.1.35.3, 00:07:14, Serial0/0.53
O N2 33.0.0.0/8 [110/20] via 10.1.35.3, 00:07:14, Serial0/0.53
O N2 3.0.0.0/8 [110/20] via 10.1.35.3, 00:07:14, Serial0/0.53
O IA    4.4.4.4 [110/129] via 10.1.35.3, 00:07:14, Serial0/0.53
O IA    10.1.12.0 [110/192] via 10.1.35.3, 00:07:14, Serial0/0.53
O IA    10.1.23.0 [110/128] via 10.1.35.3, 00:07:14, Serial0/0.53
O IA    10.1.34.0 [110/128] via 10.1.35.3, 00:07:14, Serial0/0.53
O*N2 0.0.0.0/0 [110/1] via 10.1.35.3, 00:07:14, Serial0/0.53



Task 4

Configure area 1 such that it receives the default route injected by the ABR as an internal
OSPF route.

On R3

R3(config)#router ospf 1
R3(config-router)#area 1 nssa no-summary

To verify the configuration:

On R4

R4#Sh ip rou ospf | inc O

O N2 33.0.0.0/8 [110/20] via 10.1.34.3, 00:12:18, Serial0/0.43
O N2 3.0.0.0/8 [110/20] via 10.1.34.3, 00:12:18, Serial0/0.43
O*IA 0.0.0.0/0 [110/65] via 10.1.34.3, 00:00:09, Serial0/0.43

Note the default route injected by the ABR in this area is an internal OSPF route.






Task 5

Configure R3 such that ONLY Area 2 receives the redistributed routes (3.0.0.0/8 and
33.0.0.0/8); you should NOT use any global configuration command or route-map as
part of the solution to accomplish this task.

On R3

R3(config)#router ospf 1
R3(config-router)#area 1 nssa no-redistribution

To verify the configuration:

On R4

R4#Sh ip route ospf | Inc O

O*IA 0.0.0.0/0 [110/65] via 10.1.34.3, 00:01:45, Serial0/0.43

Note the no-redistribution is configured on the ABR, which happens to be an ASBR
as well; this command stops redistribution of the external routes into the area
specified.



Task 6

Erase the startup configuration and reload the routers before proceeding to the next lab.

BGP

Lab 1 - Establishing Neighbor Adjacency

[Topology diagram: AS 100]




Lab Setup:

> The F0/0 interface of these four routers should be configured in VLAN 100.

> Configure the routers according to the following IP addressing chart:

IP Addressing:

Router   Interface / IP Address      AS
R1       F0/0 - 10.1.1.1/24          100
         Lo0  - 1.1.1.1/8
         Lo1  - 192.168.1.1/24
R2       F0/0 - 10.1.1.2/24          100
         Lo0  - 2.2.2.2/8
         Lo1  - 192.168.2.2/24
R3       F0/0 - 10.1.1.3/24          100
         Lo0  - 3.3.3.3/8
         Lo1  - 192.168.3.3/24
R4       F0/0 - 10.1.1.4/24          100
         Lo0  - 4.4.4.4/8
         Lo1  - 192.168.4.4/24

Task 1

Configure these routers in AS 100. These routers should create IBGP peer sessions
between them; ensure that these routers advertise their Loopback 0 interface in this AS.

On R1

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.1.2 remote-as 100
R1(config-router)#neighbor 10.1.1.3 remote-as 100
R1(config-router)#neighbor 10.1.1.4 remote-as 100
R1(config-router)#no syn
R1(config-router)#network 1.0.0.0

On R2

R2(config)#router bgp 100
R2(config-router)#neighbor 10.1.1.1 remote-as 100
R2(config-router)#neighbor 10.1.1.3 remote-as 100
R2(config-router)#neighbor 10.1.1.4 remote-as 100
R2(config-router)#no syn
R2(config-router)#network 2.0.0.0

On R3

R3(config)#router bgp 100
R3(config-router)#neighbor 10.1.1.1 remote-as 100
R3(config-router)#neighbor 10.1.1.2 remote-as 100
R3(config-router)#neighbor 10.1.1.4 remote-as 100
R3(config-router)#no syn
R3(config-router)#network 3.0.0.0

On R4

R4(config)#router bgp 100
R4(config-router)#neighbor 10.1.1.1 remote-as 100
R4(config-router)#neighbor 10.1.1.2 remote-as 100
R4(config-router)#neighbor 10.1.1.3 remote-as 100
R4(config-router)#no syn
R4(config-router)#network 4.0.0.0

To verify the configuration:

On R1

R1#Show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*>i2.0.0.0          10.1.1.2                 0    100      0 i
*>i3.0.0.0          10.1.1.3                 0    100      0 i
*>i4.0.0.0          10.1.1.4                 0    100      0 i


*         Valid Table Entry.

>         The best entry for the Prefix.

s         The entry is suppressed.

i         The entry was learned via IBGP; this is the "i" to the left of the network
          column. The letter "i" under the path column specifies the origin of the
          route.

Network   Prefix entry for the network; if the mask is omitted, the default mask is
          assumed.

Next Hop  The next hop's IP address to get to the specified network address; if it is
          0.0.0.0 it is a prefix that is advertised by the local router.

Metric    This is the Inter-AS metric, or the MED attribute, which is 0 by default.

LocPrf    This is the local preference attribute, used in the route selection process
          carried within the local AS ONLY. With the local-pref attribute the higher
          value has more preference. The prefixes that are received from a peer AS
          are tagged with a local-pref value of 100; this value can be changed to
          influence the best path selection process. The changed value is only
          advertised to IBGP peers. When the local router advertises a prefix, no
          local-pref value is seen in the output of the "Show ip bgp" command. The
          default value of 100 can be changed by the "BGP default local-preference"
          command.

Weight    The prefixes that are received via a neighbor (IBGP or EBGP) will have a
          weight of 0, but the prefixes that are originated by the local router will have
          a weight value of 32768. This attribute overrides any other attribute for
          performing best path determination.

Path      If the prefixes were originated or learned via an IBGP neighbor, the path
          column will have the letter "i" without any ASN. If the prefix was learned
          through another AS, then this column will have the AS numbers followed
          by the letter i; the ASNs indicate the ASes that a prefix has traversed. The
          maximum number of ASes that a prefix can traverse through is 255.



Task 2

Reconfigure the routers as follows:

R2, R3 and R4 should be configured in AS 200, 300 and 400 respectively. Configure a
full mesh peer session between these routers.

On R1

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.1.2 remote-as 200
R1(config-router)#neighbor 10.1.1.3 remote-as 300
R1(config-router)#neighbor 10.1.1.4 remote-as 400
R1(config-router)#no auto
R1(config-router)#network 1.0.0.0

On R2

R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.1.1 remote-as 100
R2(config-router)#neighbor 10.1.1.3 remote-as 300
R2(config-router)#neighbor 10.1.1.4 remote-as 400
R2(config-router)#no auto
R2(config-router)#network 2.0.0.0

On R3

R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.1.1 remote-as 100
R3(config-router)#neighbor 10.1.1.2 remote-as 200
R3(config-router)#neighbor 10.1.1.4 remote-as 400
R3(config-router)#no auto
R3(config-router)#network 3.0.0.0

On R4

R4(config)#router bgp 400
R4(config-router)#neighbor 10.1.1.1 remote-as 100
R4(config-router)#neighbor 10.1.1.2 remote-as 200
R4(config-router)#neighbor 10.1.1.3 remote-as 300
R4(config-router)#no auto
R4(config-router)#network 4.0.0.0

To verify the configuration:

On R1

R1#Show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                  0         32768 i
*> 2.0.0.0          10.1.1.2                 0             0 200 i
*                   10.1.1.2                               0 300 200 i
*                   10.1.1.2                               0 400 200 i
*  3.0.0.0          10.1.1.3                               0 200 300 i
*>                  10.1.1.3                 0             0 300 i
*                   10.1.1.3                               0 400 300 i
*  4.0.0.0          10.1.1.4                               0 200 400 i
*                   10.1.1.4                               0 300 400 i
*>                  10.1.1.4                 0             0 400 i

Note the local-preference attribute is not assigned on any of the prefixes; this is
because the prefixes are advertised by an EBGP peer. The best selection in the
above output is based on the shortest AS path.

The MED value (Metric column) is zero for some of the prefixes, and on others it is
NOT assigned; this is because when the prefix is advertised by the originating AS,
the metric is set to "0", but when the same prefix is advertised by another AS, the
MED value is removed.
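
The attribute ordering explained above (Weight first, then LocPrf, then AS path length) can be checked against R1's three paths for 2.0.0.0. This is an added sketch, not code from the workbook; it models only those three steps, the class and function names are assumptions, and the two "what if" path sets are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

DEFAULT_LOCAL_PREF = 100  # value the text gives when no LocPrf is shown
STEPS = ("weight", "local_pref", "as_path_length")


@dataclass(frozen=True)
class Path:
    next_hop: str
    as_path: Tuple[int, ...]
    weight: int = 0                    # 0 for anything learned from a neighbor
    local_pref: Optional[int] = None   # None = column empty in "show ip bgp"
    med: Optional[int] = None          # shown for completeness, not compared here


def rank(path):
    """Sort key: higher weight, then higher local-pref, then shorter AS path."""
    local_pref = DEFAULT_LOCAL_PREF if path.local_pref is None else path.local_pref
    return (-path.weight, -local_pref, len(path.as_path))


def best_path(paths):
    """Return (best path, name of the step that separated it from the runner-up)."""
    ordered = sorted(paths, key=rank)
    best = ordered[0]
    if len(ordered) == 1:
        return best, "only path"
    for step, mine, other in zip(STEPS, rank(best), rank(ordered[1])):
        if mine != other:
            return best, step
    return best, "tie on modelled steps"


# R1's three entries for 2.0.0.0, from the Task 2 "Show ip bgp" output.
PREFIX_2 = [
    Path("10.1.1.2", (200,), med=0),
    Path("10.1.1.2", (300, 200)),
    Path("10.1.1.2", (400, 200)),
]

# Constructed: the same paths with a weight of 500 applied to the path through AS 300.
PREFIX_2_WEIGHTED = [PREFIX_2[0], Path("10.1.1.2", (300, 200), weight=500), PREFIX_2[2]]

# Constructed: a local-pref of 200 applied to the path through AS 400.
PREFIX_2_LOCAL_PREF = [PREFIX_2[0], PREFIX_2[1], Path("10.1.1.2", (400, 200), local_pref=200)]


if __name__ == "__main__":
    for label, table in (("as received", PREFIX_2),
                         ("weight 500 via AS 300", PREFIX_2_WEIGHTED),
                         ("local-pref 200 via AS 400", PREFIX_2_LOCAL_PREF)):
        best, step = best_path(table)
        print(f"{label:28} best AS path {best.as_path} decided by {step}")
```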



Task 3

Reconfigure the routers in AS 100; use the following policy for their IBGP peer sessions:

> Authentication must be enabled between the peers using "cisco" as the password.

> The peer session must be established based on the Loopback 0's IP address.

> These routers should ONLY advertise their Loopback 1 in BGP.

> Provide NLRI to Loopback0 interface using RIPv2.

> The peer session between the routers should only be established if they are
running BGP version 4.

> Use peer-groups to accomplish this task.

Cisco's implementation of BGP in IOS 12.0(5)T or earlier releases supports BGP
versions 2, 3, and 4, with dynamic negotiation down to Version 2. But in IOS version
12.0(6)T or later, Cisco routers only support version 4 and they do not support
dynamic negotiation down to Version 2. The reason you may see the "Neighbor
version" command configured on some Cisco routers is that the router may be
connecting and establishing a peer session with a non-Cisco router, or the
administrator is not aware of this fact.

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#net 192.168.1.0

R1(config-router)#neighbor TST peer-group
R1(config-router)#neighbor TST remote-as 100
R1(config-router)#neighbor TST update-source lo0
R1(config-router)#neighbor TST version 4
R1(config-router)#neighbor TST password cisco

R1(config-router)#neighbor 2.2.2.2 peer-group TST
R1(config-router)#neighbor 3.3.3.3 peer-group TST
R1(config-router)#neighbor 4.4.4.4 peer-group TST

R1(config-router)#router rip
R1(config-router)#no au
R1(config-router)#ver 2
R1(config-router)#netw 10.0.0.0
R1(config-router)#netw 1.0.0.0

On R2

R2(config)#router bgp 100
R2(config-router)#no au
R2(config-router)#netw 192.168.2.0

R2(config-router)#neighbor TST peer-group
R2(config-router)#neighbor TST remote-as 100
R2(config-router)#neighbor TST update-source lo0
R2(config-router)#neighbor TST version 4
R2(config-router)#neighbor TST password cisco

R2(config-router)#neighbor 1.1.1.1 peer-group TST
R2(config-router)#neighbor 3.3.3.3 peer-group TST
R2(config-router)#neighbor 4.4.4.4 peer-group TST

R2(config-router)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#netw 10.0.0.0
R2(config-router)#netw 2.0.0.0

On R3

R3(config)#router bgp 100
R3(config-router)#no au
R3(config-router)#network 192.168.3.0

R3(config-router)#neighbor TST peer-group
R3(config-router)#neighbor TST remote-as 100
R3(config-router)#neighbor TST update-source lo0
R3(config-router)#neighbor TST version 4
R3(config-router)#neighbor TST password cisco

R3(config-router)#neighbor 1.1.1.1 peer-group TST
R3(config-router)#neighbor 2.2.2.2 peer-group TST
R3(config-router)#neighbor 4.4.4.4 peer-group TST

R3(config-router)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#netw 10.0.0.0
R3(config-router)#netw 3.0.0.0

On R4

R4(config)#router bgp 100
R4(config-router)#no au
R4(config-router)#network 192.168.4.0

R4(config-router)#neighbor TST peer-group
R4(config-router)#neighbor TST remote-as 100
R4(config-router)#neighbor TST update-source lo0
R4(config-router)#neighbor TST version 4
R4(config-router)#neighbor TST password cisco

R4(config-router)#neighbor 1.1.1.1 peer-group TST
R4(config-router)#neighbor 2.2.2.2 peer-group TST
R4(config-router)#neighbor 3.3.3.3 peer-group TST

R4(config-router)#router rip
R4(config-router)#no au
R4(config-router)#ver 2
R4(config-router)#netw 10.0.0.0
R4(config-router)#netw 4.0.0.0



To verify the configuration:

On R1

R1#Show ip bgp
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      0.0.0.0                  0         32768 i
*>i192.168.2.0      2.2.2.2                  0    100      0 i
*>i192.168.3.0      3.3.3.3                  0    100      0 i
*>i192.168.4.0      4.4.4.4                  0    100      0 i

To verify the configuration:

On R1

R1#Show ip bgp peer-group
BGP peer-group is TST, remote AS 100
  BGP version 4
  Default minimum time between advertisement runs is seconds

 For address family: IPv4 Unicast
  BGP neighbor is TST, peer-group internal, members:
  2.2.2.2 3.3.3.3 4.4.4.4
  Index 0, Offset 0, Mask 0x0
  Update messages formatted 0, replicated 0
  Number of NLRIs in the update sent: max 0, min 0

Note the output of the "Show ip bgp peer-group" reveals the IP address of the
members of the peer-group.

Some of the benefits of peer-groups:

> Peer-groups provide optimization of BGP convergence. Let's say a BGP
speaker has 10 IBGP peers that exchange full BGP routing (200,000
prefixes); without the creation of a peer-group, the local router has to go
through 2 million prefixes, whereas, if the same router was configured with a
peer-group, the router would only go through 200,000 prefixes.

> It provides a mechanism for peers that have an identical outbound policy.

> Another benefit of peer-groups is that it can reduce the administrative
overhead by cutting down redundant configuration on the routers.






Task 4

Remove the BGP configuration from the routers and reconfigure the routers in AS 100
using peer-session templates; you should configure the following two templates to
accomplish this task:

> Common Template: This template should contain the "Neighbor version 4" and
"Neighbor password" commands; this template should be applied to all
neighbors.

> IBGP Template: This template should contain the "Neighbor Update-source"
and "Neighbor remote-as" commands. This template should be applied to all
IBGP neighbors.

You should advertise Loopback1 interface in BGP and Loopback0 should be used as
the IP address for establishing the peer sessions. DO NOT remove RIPv2's
configuration.

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#network 192.168.1.0

R1(config-router)#template peer-session Common
R1(config-router-stmp)#password cisco
R1(config-router-stmp)#version 4
R1(config-router-stmp)#exit-peer-session

R1(config-router)#template peer-session IBGP
R1(config-router-stmp)#inherit peer-session Common
R1(config-router-stmp)#update-source lo0
R1(config-router-stmp)#remote-as 100
R1(config-router-stmp)#exit-peer-session

R1(config-router)#neighbor 2.2.2.2 inherit peer-session IBGP
R1(config-router)#neighbor 3.3.3.3 inherit peer-session IBGP
R1(config-router)#neighbor 4.4.4.4 inherit peer-session IBGP

On R2

R2(config)#router bgp 100
R2(config-router)#no au
R2(config-router)#network 192.168.2.0

R2(config-router)#template peer-session Common
R2(config-router-stmp)#password cisco
R2(config-router-stmp)#version 4
R2(config-router-stmp)#exit-peer-session

R2(config-router)#template peer-session IBGP
R2(config-router-stmp)#inherit peer-session Common
R2(config-router-stmp)#update-source lo0
R2(config-router-stmp)#remote-as 100
R2(config-router-stmp)#exit-peer-session

R2(config-router)#neighbor 1.1.1.1 inherit peer-session IBGP
R2(config-router)#neighbor 3.3.3.3 inherit peer-session IBGP
R2(config-router)#neighbor 4.4.4.4 inherit peer-session IBGP

On R3

R3(config)#router bgp 100
R3(config-router)#no au
R3(config-router)#network 192.168.3.0

R3(config-router)#template peer-session Common
R3(config-router-stmp)#password cisco
R3(config-router-stmp)#version 4
R3(config-router-stmp)#exit-peer-session

R3(config-router)#template peer-session IBGP
R3(config-router-stmp)#inherit peer-session Common
R3(config-router-stmp)#update-source lo0
R3(config-router-stmp)#remote-as 100
R3(config-router-stmp)#exit-peer-session

R3(config-router)#neighbor 1.1.1.1 inherit peer-session IBGP
R3(config-router)#neighbor 2.2.2.2 inherit peer-session IBGP
R3(config-router)#neighbor 4.4.4.4 inherit peer-session IBGP

On R4

R4(config)#router bgp 100
R4(config-router)#no au
R4(config-router)#network 192.168.4.0

R4(config-router)#template peer-session Common
R4(config-router-stmp)#password cisco
R4(config-router-stmp)#version 4
R4(config-router-stmp)#exit-peer-session

R4(config-router)#template peer-session IBGP
R4(config-router-stmp)#inherit peer-session Common
R4(config-router-stmp)#update-source lo0
R4(config-router-stmp)#remote-as 100
R4(config-router-stmp)#exit-peer-session

R4(config-router)#neighbor 1.1.1.1 inherit peer-session IBGP
R4(config-router)#neighbor 2.2.2.2 inherit peer-session IBGP
R4(config-router)#neighbor 3.3.3.3 inherit peer-session IBGP



To verify the confiauratiun: 



On kl 

Rlgghow ip bgp. 

BGP tabic version is 5, local router ID is 192. 168. 1 . I 

Status codes: s suppressed, d damped, h history. * valid, > best, 

r RIB -failure, S Stale 
Origin codes: i - 1GP, c - EGP, ? - incomplete 



- internal, 



Network 

*> 192.168.1.0 
*>il92. 168.2.0 
*>il92. 168.3.0 
*>il92. 168.4.0 



Next Hop 
0.0.0.0 

T 1 T 1 T* T 

3.3.3.3 

4.4.4.4 



Metric LocPrf Weight Path 
32768 i 






100 








100 








ion 






Peer-session templates can be used to apply session-specific configuration
commands to a group of neighbors that share a common session
configuration.

Peer-session templates can be reused, and they support inheritance of
other peer-session templates; this means that nested peer-session
templates can also be used.






> Peer-session templates support session specific commands ONLY. 



Task 5



Reconfigure the routers based on the following IP address space and diagram. 



[Figure: topology diagram; labels recovered: 10.1.12.0/24, AS 100]

Lab Setup:

> Configure the F0/0 interface of R1 and R2 in VLAN 12 and the F0/1 interface of
R2, R3 and R4 in VLAN 234.

> Configure IP addressing on the routers using the IP addressing chart on the next
page.






IP Addressing chart:

Router   AS number   Interface / IP address
R1       AS 100      Lo0  = 1.1.0.1/24
                     Lo1  = 1.1.1.1/24
                     Lo2  = 1.1.2.1/24
                     Lo3  = 1.1.3.1/24
                     Lo4  = 100.1.1.1/24
                     Lo5  = 100.2.2.1/24
                     F0/0 = 10.1.12.1/24
R2       AS 200      Lo0  = 2.2.2.2/8
                     F0/0 = 10.1.12.2/24
                     F0/1 = 10.1.234.2/24
R3       AS 200      Lo0  = 3.3.3.3/8
                     F0/1 = 10.1.234.3/24
R4       AS 200      Lo0  = 4.4.4.4/8
                     F0/1 = 10.1.234.4/24



Task 6

> R1 in AS 100 should establish an EBGP peer session with R2 in AS 200. R1
should advertise all of its loopback interfaces in AS 100.

> R2, R3 and R4 should be configured in AS 200; these routers should establish
IBGP peer sessions between them and advertise their loopback interface in AS
200.

> Configure the router-ids of the routers as follows:

R1 = 10.1.1.1, R2 = 10.2.2.2, R3 = 10.3.3.3 and R4 = 10.4.4.4



On Rl 

R1(config)#router bgp 100
R1(config-router)#bgp router-id 10.1.1.1
R1(config-router)#network 1.1.0.0 mask 255.255.255.0
R1(config-router)#network 1.1.1.0 mask 255.255.255.0
R1(config-router)#network 1.1.2.0 mask 255.255.255.0
R1(config-router)#network 1.1.3.0 mask 255.255.255.0
R1(config-router)#network 100.1.1.0 mask 255.255.255.0
R1(config-router)#network 100.2.2.0 mask 255.255.255.0
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#no auto-summary






On R2 

R2(config)#router bgp 200 

R2(config-router)#no synchronization
R2(config-router)#bgp router-id 10.2.2.2
R2(config-router)#network 2.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.234.3 remote-as 200
R2(config-router)#neighbor 10.1.234.4 remote-as 200
R2(config-router)#no auto-summary

On R3

R3(config)#router bgp 200
R3(config-router)#no synchronization
R3(config-router)#bgp router-id 10.3.3.3
R3(config-router)#network 3.0.0.0
R3(config-router)#neighbor 10.1.234.2 remote-as 200
R3(config-router)#neighbor 10.1.234.4 remote-as 200
R3(config-router)#no auto-summary

On R4

R4(config)#router bgp 200
R4(config-router)#no synchronization
R4(config-router)#bgp router-id 10.4.4.4
R4(config-router)#network 4.0.0.0
R4(config-router)#neighbor 10.1.234.2 remote-as 200
R4(config-router)#neighbor 10.1.234.3 remote-as 200
R4(config-router)#no auto-summary

To verify the configuration: 

On R1

R1#Show ip bgp
BGP table version is 16, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.0.0/24       0.0.0.0                            32768 i
*> 1.1.1.0/24       0.0.0.0                            32768 i
*> 1.1.2.0/24       0.0.0.0                            32768 i
*> 1.1.3.0/24       0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.0.0.0          10.1.12.2                                200 i
*> 4.0.0.0          10.1.12.2                                200 i
*> 100.1.1.0/24     0.0.0.0                            32768 i
*> 100.2.2.0/24     0.0.0.0                            32768 i








On R2

R2#Sh ip bgp
BGP table version is 10, local router ID is 10.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.0.0/24       10.1.12.1                                100 i
*> 1.1.1.0/24       10.1.12.1                                100 i
*> 1.1.2.0/24       10.1.12.1                                100 i
*> 1.1.3.0/24       10.1.12.1                                100 i
*> 2.0.0.0          0.0.0.0                            32768 i
*>i3.0.0.0          10.1.234.3                    100        i
*>i4.0.0.0          10.1.234.4                    100        i
*> 100.1.1.0/24     10.1.12.1                                100 i
*> 100.2.2.0/24     10.1.12.1                                100 i








On R3

R3#Sh ip bgp
BGP table version is 18, local router ID is 10.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.1.0.0/24       10.1.12.1                     100        100 i
* i1.1.1.0/24       10.1.12.1                     100        100 i
* i1.1.2.0/24       10.1.12.1                     100        100 i
* i1.1.3.0/24       10.1.12.1                     100        100 i
*>i2.0.0.0          10.1.234.2                    100        i
*> 3.0.0.0          0.0.0.0                            32768 i
*>i4.0.0.0          10.1.234.4                    100        i
* i100.1.1.0/24     10.1.12.1                     100        100 i
* i100.2.2.0/24     10.1.12.1                     100        100 i




On R4

R4#Sh ip bgp
BGP table version is 20, local router ID is 10.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.1.0.0/24       10.1.12.1                0    100      0 100 i
* i1.1.1.0/24       10.1.12.1                0    100      0 100 i
* i1.1.2.0/24       10.1.12.1                0    100      0 100 i
* i1.1.3.0/24       10.1.12.1                0    100      0 100 i
*>i2.0.0.0          10.1.234.2               0    100      0 i
*>i3.0.0.0          10.1.234.3               0    100      0 i
*> 4.0.0.0          0.0.0.0                  0         32768 i
* i100.1.1.0/24     10.1.12.1                0    100      0 100 i
* i100.2.2.0/24     10.1.12.1                0    100      0 100 i




Note: R3 and R4 do not have NLRI to the next-hop IP address of 10.1.12.1; therefore, they
won't have reachability to these addresses.









Task 7

Configure R2 to change the next hop IP address for all the networks advertised by R1 to
the IP address of its F0/1 interface. You should use a template so that future policies can
be installed once in that template and have it affect R3 and R4. DO NOT use peer-groups
to accomplish this task.



On R2 

R2(config)#router bgp 200
R2(config-router)#template peer-policy TST
R2(config-router-ptmp)#next-hop-self
R2(config-router-ptmp)#exit-peer-policy

R2(config-router)#neighbor 10.1.234.3 inherit peer-policy TST
R2(config-router)#neighbor 10.1.234.4 inherit peer-policy TST








To verify the configuration:

On R3

R3#Sh ip bgp
BGP table version is 18, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.0.0/24       10.1.234.2                    100        100 i
*>i1.1.1.0/24       10.1.234.2                    100        100 i
*>i1.1.2.0/24       10.1.234.2                    100        100 i
*>i1.1.3.0/24       10.1.234.2                    100        100 i
*>i2.0.0.0          10.1.234.2                    100        i
*> 3.0.0.0          0.0.0.0                            32768 i
*>i4.0.0.0          10.1.234.4                    100        i
*>i100.1.1.0/24     10.1.234.2                    100        100 i
*>i100.2.2.0/24     10.1.234.2                    100        100 i








On R4

R4#Sh ip bgp
BGP table version is 20, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.0.0/24       10.1.234.2                    100        100 i
*>i1.1.1.0/24       10.1.234.2                    100        100 i
*>i1.1.2.0/24       10.1.234.2                    100        100 i
*>i1.1.3.0/24       10.1.234.2                    100        100 i
*>i2.0.0.0          10.1.234.2                    100        i
*>i3.0.0.0          10.1.234.3                    100        i
*> 4.0.0.0          0.0.0.0                            32768 i
*>i100.1.1.0/24     10.1.234.2                    100        100 i
*>i100.2.2.0/24     10.1.234.2                    100        100 i











Peer-policy templates are used to build a template of policy information that can be
inherited by a given neighbor. The peer-policy template cannot be inherited by a
peer-session template or a peer-group.



Task 8

Erase the startup configuration and reload the routers before proceeding to the next lab. 






Lab 2 
Route Reflectors 



[Figure: topology diagram, AS 100]

Lab Setup:

> Configure R1 to have two point-to-point frame-relay connections, one connecting
R1 to R2, and the other connecting R1 to R3.

> R2 and R3 should each be configured with a frame-relay point-to-point
connection to R1.

> Use the following IP address chart for IP address assignment.






IP Addressing:

Router   Interface                           IP address
R1       Lo0                                 1.1.1.1/8
         The frame-relay connection to R2    10.1.12.1/24
         The frame-relay connection to R3    10.1.13.1/24
R2       Lo0
         The frame-relay connection to R1    10.1.12.2/24
R3       Lo0                                 3.3.3.3/8
         The frame-relay connection to R1    10.1.13.3/24



Task 1

Configure BGP AS 100 on all routers and ensure that the routers can successfully
establish an IBGP peer session with each other. These routers should only advertise their
Loopback0 interface in BGP. To provide NLRI, the links between the routers should be
advertised in RIPv2.



On All Routers 










(config)#router rip
(config-router)#no au
(config-router)#ver 2
(config-router)#netw 10.0.0.0








On R1

R1(config)#router bgp 100
R1(config-router)#netw 1.0.0.0
R1(config-router)#neighbor 10.1.12.2 remote-as 100
R1(config-router)#neighbor 10.1.13.3 remote-as 100
R1(config-router)#no syn

On R2

R2(config)#router bgp 100
R2(config-router)#netw 2.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.13.3 remote-as 100
R2(config-router)#no syn

On R3

R3(config)#router bgp 100
R3(config-router)#netw 3.0.0.0
R3(config-router)#neighbor 10.1.13.1 remote-as 100
R3(config-router)#neighbor 10.1.12.2 remote-as 100
R3(config-router)#no syn

To verify the configuration:

On R3

R3#Show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [200/0] via 10.1.13.1, 00:20:04
B    2.0.0.0/8 [200/0] via 10.1.12.2, 00:20:09
C    3.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.13.0 is directly connected, Serial0/0.31
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:25, Serial0/0.31

On R2 

R2#Show ip bgp
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.12.1                     100        i
*> 2.0.0.0          0.0.0.0                            32768 i
*>i3.0.0.0          10.1.13.3                     100        i









Task 2 

You received an e-mail from the management stating that within the next 12 months 20
additional routers will be added to this AS. In order to minimize the number of peer
sessions within this AS, you decided to implement route reflectors. Configure R1 as a
route reflector for this AS.



On Rl 

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 route-reflector-client
R1(config-router)#neighbor 10.1.13.3 route-reflector-client

On R2

R2(config)#router bgp 100
R2(config-router)#no neighbor 10.1.13.3 remote-as 100

On R3

R3(config)#router bgp 100
R3(config-router)#no neighbor 10.1.12.2 remote-as 100

In order for all IBGP speakers in an AS to exchange routes with one another, the
IBGP speakers must be fully meshed (every router must establish a peer session to
every other router). Route-reflectors can be configured to reduce the number of
peer sessions that must be established between the routers within a given AS. If a
route-reflector is used, all IBGP speakers need not be fully meshed. In this model,
the router that is configured to be the route-reflector must have a peer session
established to every client, and the clients must establish a peer session with the route
reflector. The route reflector will reflect routes learned from one client to the other
clients.

To verify the configuration: 



On R2

R2#Show ip bgp
BGP table version is 10, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.12.1                     100        i
*> 2.0.0.0          0.0.0.0                            32768 i
*>i3.0.0.0          10.1.13.3                     100        i

R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/113/116 ms

On R3

R3#Show ip bgp
BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.13.1                     100        i
*>i2.0.0.0          10.1.12.2                     100        i
*> 3.0.0.0          0.0.0.0                            32768 i

R3#Ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/112/116 ms



Task 3 

After implementing the route reflector, you realized that if the route reflector is down, the
entire network is dysfunctional; therefore, you decided to add R4 as the second route
reflector for redundancy. Ensure that these routers can reach the advertised networks and
the redundancy is operational.






[Figure: topology diagram, AS 100]

DO NOT erase the existing configuration; the following
configuration is added to the existing configuration.

Lab Setup:

Add the following configuration to the existing configuration:

> Configure R1 with an additional point-to-point frame-relay connection to R4,
using the IP addressing and the DLCI information provided below. R1 should
establish a BGP peer session with R4 over this frame-relay connection.

> R2 and R3 should each be configured with an additional point-to-point
frame-relay connection to R4. Use the IP addressing and the DLCI information provided
below for these connections. R2 and R3 should each establish a BGP peer session
with R4 over this connection.

> R4 should be configured with three point-to-point frame-relay connections, one to
R1, the second one to R2 and the third one to R3. Use the following IP addressing
and DLCI information for these connections.






IP Addressing:

Router   Interface   IP address      DLCI
R1       S0/0.14     10.1.14.1/24    104
R1       S0/0.24     10.1.14.1/24    204
R3       S0/0.34     10.1.34.3/24    304
R4       Lo0         4.4.4.4/8
         S0/0.42     10.1.24.4/24    402
         S0/0.43     10.1.34.4/24    403
         S0/0.41     10.1.14.4/24    401



On R4 




R4(config)#router bgp 100
R4(config-router)#Network 4.0.0.0
R4(config-router)#neighbor 10.1.14.1 remote-as 100
R4(config-router)#neighbor 10.1.24.2 remote-as 100
R4(config-router)#neighbor 10.1.34.3 remote-as 100
R4(config-router)#neighbor 10.1.24.2 route-reflector-client
R4(config-router)#neighbor 10.1.34.3 route-reflector-client

R4 is the secondary route-reflector. R4 should be configured as follows:

> R4 should have a peer session with R1; the route-reflectors should have
full mesh peer sessions between them.

> R4 must have a peer session with R2 and R3.

> R4 must configure R2 and R3 as route-reflector clients.

On R2

R2(config)#router bgp 100
R2(config-router)#neighbor 10.1.24.4 remote-as 100

On R3

R3(config)#router bgp 100
R3(config-router)#neighbor 10.1.34.4 remote-as 100

On R1

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.14.4 remote-as 100








Having a single RR can introduce a single point of failure; it's best to have multiple
RRs in case the RR fails. This redundancy is critical when there are many RR clients.

To verify the configuration:

On R1

R1#Sh ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
* i2.0.0.0          10.1.24.2                     100      0 i
*>i                 10.1.12.2                     100      0 i
*>i3.0.0.0          10.1.13.3                     100      0 i
* i                 10.1.34.3                     100      0 i
*>i4.0.0.0          10.1.14.4                     100      0 i

To test the configuration:

On R1

R1(config)#int s0/0
R1(config-if)#shut

On R2

R2#Show ip bgp
BGP table version is 8, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          0.0.0.0                            32768 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*>i4.0.0.0          10.1.24.4                     100      0 i






R2#Ping 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms



Task 4

Erase the startup configuration and reload the routers. Reconfigure the routers based on the
following IP addressing and topology:

[Figure: topology diagram, AS 100]






IP Addressing:

Router   Interface                           IP address
R1       Lo0                                 1.1.1.1/8
         The frame-relay connection to R4    10.1.14.1/24
         The frame-relay connection to R2    10.1.12.1/24
         The frame-relay connection to R3    10.1.13.1/24
R2       Lo0                                 2.2.2.2/8
         The frame-relay connection to R1    10.1.12.2/24
R3       Lo0                                 3.3.3.3/8
         The frame-relay connection to R1    10.1.13.3/24
R4       Lo0                                 4.4.4.4/8
         The frame-relay connection to R1    10.1.14.4/24
         The frame-relay connection to R5    10.1.45.4/24
         The frame-relay connection to R6    10.1.46.4/24
R5       Lo0                                 5.5.5.5/8
         The frame-relay connection to R1    10.1.45.5/24
R6       Lo0                                 6.6.6.6/8
         The frame-relay connection to R1    10.1.46.6/24



Lab Setup:

> Configure R1 with three point-to-point frame-relay connections; these
point-to-point connections should connect R1 to R2, R3 and R4.

> Configure R2 and R3 with a single point-to-point connection to R1.

> R4 should be configured with three point-to-point frame-relay connections;
these point-to-point connections should connect R4 to R5, R6 and R1.

> Configure R5 and R6 with a single point-to-point connection to R4.

> R1 should be configured as the route reflector for routers R2 and R3, whereas
R4 should be configured to be the route-reflector for routers R5 and R6.

> R1 and R4 should be configured to have an IBGP peer session between
them; these two routers should be configured in BGP AS 100.

> NLRI for the links should be provided through RIPv2.



On All Routers 






(config)#router rip
(config-router)#no au
(config-router)#ver 2
(config-router)#netw 10.0.0.0

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#no syn
R1(config-router)#netw 1.0.0.0
R1(config-router)#neighbor 10.1.12.2 remote-as 100
R1(config-router)#neighbor 10.1.13.3 remote-as 100
R1(config-router)#neighbor 10.1.14.4 remote-as 100
R1(config-router)#neighbor 10.1.12.2 route-reflector-client
R1(config-router)#neighbor 10.1.13.3 route-reflector-client

On R2

R2(config)#router bgp 100
R2(config-router)#no au
R2(config-router)#no syn
R2(config-router)#network 2.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100

On R3

R3(config)#router bgp 100
R3(config-router)#no au
R3(config-router)#no syn
R3(config-router)#network 3.0.0.0
R3(config-router)#neighbor 10.1.13.1 remote-as 100

To verify the configuration:

On R3

R3#Show ip bgp
BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.13.1                     100      0 i
*>i2.0.0.0          10.1.12.2                     100      0 i
*> 3.0.0.0          0.0.0.0                            32768 i


On R4 








R4(config)#router bgp 100
R4(config-router)#no au
R4(config-router)#no syn
R4(config-router)#network 4.0.0.0
R4(config-router)#neighbor 10.1.14.1 remote-as 100
R4(config-router)#neighbor 10.1.45.5 remote-as 100
R4(config-router)#neighbor 10.1.46.6 remote-as 100
R4(config-router)#neighbor 10.1.45.5 route-reflector-client
R4(config-router)#neighbor 10.1.46.6 route-reflector-client

On R5

R5(config)#Router bgp 100
R5(config-router)#No au
R5(config-router)#No syn
R5(config-router)#Network 5.0.0.0
R5(config-router)#Neighbor 10.1.45.4 remote-as 100

On R6

R6(config)#Router bgp 100
R6(config-router)#No au
R6(config-router)#No syn
R6(config-router)#Network 6.0.0.0
R6(config-router)#Neighbor 10.1.46.4 remote-as 100

To verify the configuration:

On R6

R6#Show ip bgp
BGP table version is 7, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     100      0 i
*>i2.0.0.0          10.1.12.2                     100      0 i
*>i3.0.0.0          10.1.13.3                     100      0 i
*>i4.0.0.0          10.1.46.4                     100      0 i
*>i5.0.0.0          10.1.45.5                     100      0 i
*> 6.0.0.0          0.0.0.0                            32768 i

On R3

R3#Show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [200/0] via 10.1.13.1, 00:08:44
B    2.0.0.0/8 [200/0] via 10.1.12.2, 00:08:44
C    3.0.0.0/8 is directly connected, Loopback0
B    4.0.0.0/8 [200/0] via 10.1.14.4, 00:04:14
B    5.0.0.0/8 [200/0] via 10.1.45.5, 00:02:57
B    6.0.0.0/8 [200/0] via 10.1.46.6, 00:02:03
     10.0.0.0/24 is subnetted, 5 subnets
R       10.1.14.0 [120/1] via 10.1.13.1, 00:00:07, Serial0/0.31
C       10.1.13.0 is directly connected, Serial0/0.31
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:07, Serial0/0.31
R       10.1.46.0 [120/2] via 10.1.13.1, 00:00:08, Serial0/0.31
R       10.1.45.0 [120/2] via 10.1.13.1, 00:00:08, Serial0/0.31

Note: AS 100 has two route reflectors, and each route-reflector has its own clients. When
a given RR receives an update from one of its clients, it advertises that prefix to the
other RR/s; the other RR/s in turn advertise that prefix to their clients.
There are some additional optional non-transitive attributes that can be used when
RRs are configured, and they are: originator-id, cluster-id and cluster-list.



> Originator-id: This attribute is created by the RR; it is the router-id of the
router that originated the prefix. It's created to avoid routing loops: an RR
will NOT advertise a route back to the originator of the prefix, and if the
originator of a prefix receives an update with its own router-id, it will ignore
that prefix.

> Cluster and Cluster-id: An RR (or RRs) and its clients are collectively known as a
cluster. Each cluster must be uniquely identified, and the cluster-id is
typically the router-id of the RR unless specifically configured.

> Cluster-list: This attribute is analogous to the AS-path attribute, and it keeps
track of the cluster-ids in the same way that the AS-path attribute keeps
track of the AS numbers. When the RR advertises a prefix to a non-client, it
appends the cluster-id to that prefix's cluster-list. If an RR receives an update
and sees its own cluster-id in the cluster-list, it will ignore that update.

To see the attributes:

On R1

R1#Show ip bgp 6.0.0.0
BGP routing table entry for 6.0.0.0/8, version 21
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     2
  Local
    10.1.46.6 (metric 1) from 10.1.14.4 (4.4.4.4)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 6.6.6.6, Cluster list: 4.4.4.4

Note: 6.6.6.6 is the originator of prefix 6.0.0.0/8, and the prefix came from 4.4.4.4 (the
cluster-list).

On R3

R3#Show ip bgp 6.0.0.0
BGP routing table entry for 6.0.0.0/8, version 25
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  Local
    10.1.46.6 (metric 2) from 10.1.13.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 6.6.6.6, Cluster list: 1.1.1.1, 4.4.4.4

Note: this prefix has gone through cluster-id 4.4.4.4 first and then it traversed
cluster-id 1.1.1.1 before it was received by the local router.
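
The originator-id and cluster-list checks described above, as an added example that is not part of the workbook: a simplified Python model of the Task 4 topology that reproduces the values shown for 6.0.0.0/8 on R1 and R3. The class and function names are hypothetical, router-ids are assumed to equal the Lo0 addresses, each RR puts its cluster-id at the front of the list on every reflection (the order R3's output shows), and best-path selection is reduced to "first accepted path wins".

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Update:
    prefix: str
    originator_id: Optional[str] = None   # set by the first RR that reflects the route
    cluster_list: Tuple[str, ...] = ()    # most recently added cluster-id first


class Speaker:
    """One IBGP speaker; it acts as a route reflector if it has any clients."""

    def __init__(self, name, router_id):
        self.name = name
        self.router_id = router_id
        self.cluster_id = router_id       # default cluster-id is the RR's router-id
        self.peers = {}                   # peer name -> Speaker
        self.clients = set()              # peer names marked route-reflector-client
        self.best = {}                    # prefix -> Update (first accepted path wins)

    def loop_reason(self, upd):
        """Return the attribute that makes this speaker ignore upd, or None."""
        if upd.originator_id == self.router_id:
            return "originator-id"
        if self.clients and self.cluster_id in upd.cluster_list:
            return "cluster-list"
        return None

    def receive(self, sender, upd):
        """Accept or ignore one update; return [(next_receiver, update), ...]."""
        if self.loop_reason(upd) or upd.prefix in self.best:
            return []
        self.best[upd.prefix] = upd
        if not self.clients:              # plain IBGP speaker: no re-advertisement
            return []
        out = Update(upd.prefix,
                     upd.originator_id or sender.router_id,
                     (self.cluster_id,) + upd.cluster_list)
        from_client = sender.name in self.clients
        targets = []
        for name, peer in sorted(self.peers.items()):
            if name == sender.name or peer.router_id == out.originator_id:
                continue                  # never hand the route back to its source
            # from a client: reflect to every peer; from a non-client: clients only
            if from_client or name in self.clients:
                targets.append((peer, out))
        return targets


def build(router_ids, sessions, rr_clients):
    """Create speakers, IBGP sessions and route-reflector-client relationships."""
    speakers = {name: Speaker(name, rid) for name, rid in router_ids.items()}
    for a, b in sessions:
        speakers[a].peers[b] = speakers[b]
        speakers[b].peers[a] = speakers[a]
    for rr, clients in rr_clients.items():
        speakers[rr].clients.update(clients)
    return speakers


def originate(speakers, origin, prefix):
    """Advertise prefix from origin and run the updates until nothing is left."""
    src = speakers[origin]
    src.best[prefix] = Update(prefix)
    queue = deque((src, peer, Update(prefix)) for _, peer in sorted(src.peers.items()))
    while queue:
        sender, receiver, upd = queue.popleft()
        queue.extend((receiver, nxt, out) for nxt, out in receiver.receive(sender, upd))
    return speakers


def task4_topology():
    """R1 reflects for R2/R3, R4 reflects for R5/R6, R1 and R4 peer as non-clients."""
    router_ids = {f"R{n}": ".".join([str(n)] * 4) for n in range(1, 7)}  # assumed
    sessions = [("R1", "R2"), ("R1", "R3"), ("R1", "R4"), ("R4", "R5"), ("R4", "R6")]
    rr_clients = {"R1": {"R2", "R3"}, "R4": {"R5", "R6"}}
    return build(router_ids, sessions, rr_clients)


if __name__ == "__main__":
    net = originate(task4_topology(), "R6", "6.0.0.0/8")
    for name in ("R1", "R3", "R5"):
        u = net[name].best["6.0.0.0/8"]
        print(name, "originator", u.originator_id, "cluster list", ", ".join(u.cluster_list))
    # Constructed update that has already passed through both clusters.
    looped = Update("6.0.0.0/8", "6.6.6.6", ("4.4.4.4", "1.1.1.1"))
    print("R1 ignores it because of:", net["R1"].loop_reason(looped))
    print("R6 ignores it because of:", net["R6"].loop_reason(looped))
```

A real speaker also keeps alternate paths and runs full best-path selection; the model only tracks which attributes each router would see and which updates it would ignore.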

Note: the originator-id is the router-id of the router that originated that prefix; the
output of the following "Show" command reveals the router-id of the router that
originated the route.

R6#Sh ip bgp
BGP table version is 7, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     100      0 i
*>i2.0.0.0          10.1.12.2                     100      0 i
*>i3.0.0.0          10.1.13.3                     100      0 i
*>i4.0.0.0          10.1.46.4                     100      0 i
*>i5.0.0.0          10.1.45.5                     100      0 i
*> 6.0.0.0          0.0.0.0                            32768 i



Task 5 



Erase the startup config and reload the routers before proceeding to the next lab.






Lab 3
Conditional Advertisement & BGP Backdoor

[Figure: topology diagram; labels recovered: EIGRP 100, 150.1.23.0/24, AS 100]

Lab Setup:

> Configure R1 to have two point-to-point frame-relay connections, one connecting
R1 to R2, and the other connecting R1 to R3.

> R2 and R3 should be configured with a single frame-relay point-to-point
connection to R1.

> Configure R2 and R3's F0/0 interface to be in VLAN 23.






IP addressing:

Router   Interface   IP Address       AS number
R1       Lo0         1.1.1.1/8        100
         S0/0.12     10.1.12.1/24
         S0/0.13     10.1.13.1/24
R2       Lo0         2.2.2.2/8        200
         Lo1         150.1.2.2/24
         S0/0.21     10.1.12.2/24
         F0/0        150.1.23.2/24
R3       Lo0         3.3.3.3/8        300
         Lo1         150.1.3.3/24
         S0/0.31     10.1.13.3/24
         F0/0        150.1.23.3/24





Task 1

Configure EBGP peer sessions as follows: 

> Rl to have an EBGP peer session to R2 and R3 

> R2 and R3 to have an EBGP peer session to Rl 



On R1

R1(config)#router bgp 100
R1(config-router)#no auto
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#neighbor 10.1.13.3 remote-as 300

On R2

R2(config)#router bgp 200
R2(config-router)#no au
R2(config-router)#neighbor 10.1.12.1 remote-as 100

On R3

R3(config)#router bgp 300
R3(config-router)#no au
R3(config-router)#neighbor 10.1.13.1 remote-as 100

To verify the configuration:












On R1

R1#Show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.12.2 4 200 3 3 10 00:00:56

10.1.13.3 4 300 4 4 10 00:00:20

Task 2

Configure R1, R2 and R3 to advertise their Loopback0 interface in BGP.

On R1

R1(config-router)#router bgp 100
R1(config-router)#network 1.0.0.0

On R2

R2(config-router)#router bgp 200
R2(config-router)#network 2.0.0.0

On R3

R3(config)#router bgp 300
R3(config-router)#network 3.0.0.0

To verify the configuration:

On R3

R3#Show ip bgp

BGP table version is 4, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete






   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                                100 i
*> 2.0.0.0          10.1.13.1                                100 200 i
*> 3.0.0.0          0.0.0.0                            32768 i



Task 3

Configure RIPv2 and Eigrp 100 on the routers as follows:

> Configure RIPv2 on all routers to advertise network 10.0.0.0. These routers should
have their auto summarization disabled.

> R2 and R3 should also advertise their Loopback1 and F0/0 interface in Eigrp
AS 100.

On R2 and R3

(config)#router eigrp 100
(config-router)#no au
(config-router)#netw 150.1.0.0

On All Routers:

(config)#Router Rip
(config)#Ver 2
(config-router)#No au
(config-router)#Network 10.0.0.0

Task 4

If the link between R2 and R3 (the F0/0 interface) goes down, the Loopback1 networks of
these two routers won't have connectivity even though there is a redundant link between
these two routers. Therefore, the administrator of R2 and R3 decided to advertise their
Loopback1 interface in BGP for redundancy. Configure these routers to accommodate
this decision.






On R2

R2(config-router)#router bgp 200
R2(config-router)#network 150.1.2.0 mask 255.255.255.0

On R3

R3(config)#router bgp 300
R3(config-router)#network 150.1.3.0 mask 255.255.255.0

To verify the configuration:

On R2

R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 10.1.12.1, 00:18:54
C    2.0.0.0/8 is directly connected, Loopback0
B    3.0.0.0/8 [20/0] via 10.1.12.1, 00:18:54
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.13.0 [120/1] via 10.1.12.1, 00:00:01, Serial0/0.21
C       10.1.12.0 is directly connected, Serial0/0.21
     150.1.0.0/24 is subnetted, 3 subnets
C       150.1.23.0 is directly connected, FastEthernet0/0
B       150.1.3.0 [20/0] via 10.1.12.1, 00:13:21
C       150.1.2.0 is directly connected, Loopback1

On R3

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area






       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 10.1.13.1, 00:20:24
B    2.0.0.0/8 [20/0] via 10.1.13.1, 00:20:55
C    3.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.13.0 is directly connected, Serial0/0.31
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:20, Serial0/0.31
     150.1.0.0/24 is subnetted, 3 subnets
C       150.1.23.0 is directly connected, FastEthernet0/0
C       150.1.3.0 is directly connected, Loopback1
B       150.1.2.0 [20/0] via 10.1.13.1, 00:15:22



Task 5

After implementing the previous task, the administrators realized that the traffic between
networks 150.1.2.0/24 and 150.1.3.0/24 is taking a sub-optimal path; it is not using the
direct path between routers R2 and R3.

Implement a BGP solution to fix this problem; you should NOT use the distance or any
global config mode command to accomplish this task.

On R2

R2(config)#router bgp 200
R2(config-router)#network 150.1.3.0 mask 255.255.255.0 backdoor

On R3

R3(config)#router bgp 300
R3(config-router)#network 150.1.2.0 mask 255.255.255.0 backdoor

To verify the configuration:

On R2






R2#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 10.1.12.1, 00:27:57
C    2.0.0.0/8 is directly connected, Loopback0
B    3.0.0.0/8 [20/0] via 10.1.12.1, 00:27:57
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.13.0 [120/1] via 10.1.12.1, 00:00:14, Serial0/0.21
C       10.1.12.0 is directly connected, Serial0/0.21
     150.1.0.0/24 is subnetted, 3 subnets
C       150.1.23.0 is directly connected, FastEthernet0/0
D       150.1.3.0 [90/156160] via 150.1.23.3, 00:01:19, FastEthernet0/0
C       150.1.2.0 is directly connected, Loopback1

On R3

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 10.1.13.1, 00:28:07
B    2.0.0.0/8 [20/0] via 10.1.13.1, 00:28:38
C    3.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.13.0 is directly connected, Serial0/0.31
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:14, Serial0/0.31
     150.1.0.0/24 is subnetted, 3 subnets






C       150.1.23.0 is directly connected, FastEthernet0/0
C       150.1.3.0 is directly connected, Loopback1
D       150.1.2.0 [90/156160] via 150.1.23.2, 00:01:11, FastEthernet0/0

Note: R2 and R3 were receiving routing information for networks 150.1.2.0/24 and
150.1.3.0/24 from two different sources, BGP and Eigrp.

R2 and R3 were using the routing information from BGP because it had a lower
administrative distance (20 versus 90).

The "network backdoor" command is a BGP solution to this problem: the BGP
"backdoor" option assigns an administrative distance of 200 to networks 150.1.2.0/24
and 150.1.3.0/24, therefore making Eigrp more believable.

Enter the following commands to actually see the changed administrative distance:

On R2 and R3

(config)#NO router eigrp 100

On R2

R2#Sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 10.1.12.1, 00:36:39
C    2.0.0.0/8 is directly connected, Loopback0
B    3.0.0.0/8 [20/0] via 10.1.12.1, 00:36:39
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.13.0 [120/1] via 10.1.12.1, 00:00:11, Serial0/0.21
C       10.1.12.0 is directly connected, Serial0/0.21
     150.1.0.0/24 is subnetted, 3 subnets
C       150.1.23.0 is directly connected, FastEthernet0/0
B       150.1.3.0 [200/0] via 10.1.12.1, 00:00:13
C       150.1.2.0 is directly connected, Loopback1






On R3

R3#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    1.0.0.0/8 [20/0] via 10.1.13.1, 00:39:19
B    2.0.0.0/8 [20/0] via 10.1.13.1, 00:39:50
C    3.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.13.0 is directly connected, Serial0/0.31
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:19, Serial0/0.31
     150.1.0.0/24 is subnetted, 3 subnets
C       150.1.23.0 is directly connected, FastEthernet0/0
C       150.1.3.0 is directly connected, Loopback1
B       150.1.2.0 [200/0] via 10.1.13.1, 00:02:57
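
The three states seen in Tasks 4 and 5 (BGP preferred at distance 20, Eigrp preferred once the backdoor is configured, BGP in use again at distance 200 after Eigrp is removed) can be checked mechanically from "show ip route" text. The following Python is an added example, not part of the workbook; the function names are hypothetical and the sample lines are constructed from R2's entries for 150.1.3.0 as printed in this lab.

```python
import re

# One routed entry of "show ip route": code, prefix, [AD/metric], next hop.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+)(?:/\d+)?\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)"
)

EBGP_AD = 20        # distance of an EBGP route, printed as [20/0]
BACKDOOR_AD = 200   # distance the backdoor option gives the BGP route


def parse_routes(show_ip_route):
    """Return {prefix: (code, ad, metric, next_hop)} for entries with a next hop."""
    routes = {}
    for line in show_ip_route.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes[m["prefix"]] = (
                m["code"], int(m["ad"]), int(m["metric"]), m["next_hop"]
            )
    return routes


def backdoor_state(show_ip_route, prefix):
    """Classify how a prefix that should use the direct IGP link is reached."""
    route = parse_routes(show_ip_route).get(prefix)
    if route is None:
        return "absent"                # connected-only or missing entry
    code, ad, _metric, _next_hop = route
    if code == "B" and ad == EBGP_AD:
        return "ebgp-preferred"        # backdoor missing: BGP beats the IGP
    if code == "B" and ad == BACKDOOR_AD:
        return "bgp-fallback"          # IGP route gone, backdoor BGP route used
    if code == "B":
        return "bgp-other-distance"
    return "igp-preferred"             # traffic takes the direct link


# Constructed samples, copied from R2's outputs in this lab.
BEFORE_BACKDOOR = """
C       150.1.23.0 is directly connected, FastEthernet0/0
B       150.1.3.0 [20/0] via 10.1.12.1, 00:13:21
"""
WITH_BACKDOOR = """
C       150.1.23.0 is directly connected, FastEthernet0/0
D       150.1.3.0 [90/156160] via 150.1.23.3, 00:01:19, FastEthernet0/0
"""
EIGRP_REMOVED = """
C       150.1.23.0 is directly connected, FastEthernet0/0
B       150.1.3.0 [200/0] via 10.1.12.1, 00:00:13
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE_BACKDOOR),
                       ("backdoor", WITH_BACKDOOR),
                       ("eigrp removed", EIGRP_REMOVED)):
        print(name, backdoor_state(text, "150.1.3.0"))
```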



Task 6

Remove the IP address from the F0/0 interface of R2 and R3 and ensure that the F0/0
interface of both routers is in administratively down state. You should also remove the
Loopback1 interface from these two routers.

On R2 and R3

(config)#Interface F0/0
(config)#NO ip address
(config)#Shutdown

(config)#NO int lo1






Task 7

Configure R1 as follows:

If network 2.0.0.0 is up and it's advertised to R1, R1 should take the following actions:

> R1 should NOT advertise its network 1.0.0.0/8 to R3.

> R1 should ONLY advertise network 2.0.0.0/8 to R3.

However, if network 2.0.0.0/8 is down, then R1 should take the following actions:

> R1 should advertise network 1.0.0.0/8 to R3.

> R1 should remove network 2.0.0.0/8 from its BGP table.

Before configuring this task you should verify the current BGP table of these routers:

R1#Show ip bgp

BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.0.0.0          10.1.13.3                                300 i

R2#Show ip bgp

BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                                100 i
*> 2.0.0.0          0.0.0.0                            32768 i
*> 3.0.0.0          10.1.12.1                                100 300 i

R3#Show ip bgp

BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale






Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                                100 i
*> 2.0.0.0          10.1.13.1                                100 200 i
*> 3.0.0.0          0.0.0.0                            32768 i

To conditionally advertise selected routes we can use the following commands:

> Advertise-map

> Non-exist-map

> Exist-map

This situation calls for the use of the "advertise-map" and "non-exist-map" as follows:

On R1

R1(config)#access-list 1 permit 1.0.0.0 0.255.255.255
R1(config)#access-list 2 permit 2.0.0.0 0.255.255.255

R1(config)#route-map ADV permit 10
R1(config-route-map)#match ip addr 1
R1(config-route-map)#exit

R1(config)#route-map NotThere permit 10
R1(config-route-map)#match ip addr 2
R1(config-route-map)#exit

To prevent confusion you should select meaningful names for the route-maps. Note the
access-list numbers and the names of the route-map.

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.13.3 advertise-map ADV non-exist-map NotThere

The neighbor command has the following route-maps:

> Advertise-map - specifies the name of the route-map that will be
advertised if the condition of the non-exist-map is met.

> Non-exist-map - specifies the name of the route-map that will be compared to
the advertise-map. If the condition is met and no match occurs, the route will
be advertised. If a match occurs, then the condition is NOT met, and the route
is withdrawn.

Note if network 2.0.0.0 is up, then network 1.0.0.0 should NOT be advertised to R3.
Since all the networks are up and advertised, R1 should withdraw its network (1.0.0.0/8).

On R1

R1#Show ip bgp

BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.0.0.0          10.1.13.3                                300 i

Note R1 does NOT advertise its network (1.0.0.0/8) to R3:

R1#Show ip bgp neighbors 10.1.13.3 advertised-routes

BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                                200 i

Note the output of the following command reveals that the BGP table of R3 does not
have network 1.0.0.0/8:

On R3

R3#Show ip bgp

BGP table version is 34, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete






   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.13.1                                100 200 i
*> 3.0.0.0          0.0.0.0                            32768 i

To test the condition:

On R2

R2(config)#int lo0
R2(config-if)#Shut

The output of the following "Show" command reveals that network 2.0.0.0 is DOWN;
therefore, R1 should advertise its network (1.0.0.0/8) to R3. It may take a few seconds
for this policy to get implemented:

On R1

R1#Show ip bgp neighbors 10.1.13.3 advertised-routes

BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i

Note network 1.0.0.0 is advertised to R3.



Task 8

Remove the configuration commands entered in Task 7 before you proceed to the next
task. Ensure that the routers have the advertised networks in their BGP table.

On R1

R1(config)#NO access-list 1
R1(config)#NO access-list 2

R1(config)#NO route-map ADV






R1(config)#NO route-map NotThere

R1(config)#router bgp 100

R1(config-router)#NO neighbor 10.1.13.3 advertise-map ADV non-exist-map NotThere

R1#Clear ip bgp *

On R2

R2(config)#int lo0
R2(config-if)#No shut

On R1

R1#Show ip bgp

BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.0.0.0          10.1.13.3                                300 i

On R2

R2#Show ip bgp

BGP table version is 18, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                                100 i
*> 2.0.0.0          0.0.0.0                            32768 i
*> 3.0.0.0          10.1.12.1                                100 300 i

On R3

R3#Show ip bgp














BGP table version is 19, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                                100 i
*> 2.0.0.0          10.1.13.1                              0 100 200 i
*> 3.0.0.0          0.0.0.0                            32768 i








Task 9

R1 should be configured according to the following policy:

> If both networks (1.0.0.0/8 and 2.0.0.0/8) are up, then both networks should be
advertised to R3.

> If network 1.0.0.0/8 is down, R1 should NOT advertise network 2.0.0.0/8 to R3.

> If network 2.0.0.0/8 is down, then R1 should only advertise network 1.0.0.0/8 to
R3.

On R1

R1(config)#access-list 1 permit 1.0.0.0 0.255.255.255
R1(config)#access-list 2 permit 2.0.0.0 0.255.255.255

R1(config)#route-map ADV permit 10
R1(config-route-map)#match ip addr 2
R1(config-route-map)#exit

R1(config)#route-map EXIST permit 10
R1(config-route-map)#match ip addr 1
R1(config-route-map)#exit

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.13.3 advertise-map ADV exist-map EXIST

To test the first condition:











On R1

R1#Show ip bgp

BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.0.0.0          10.1.13.3                                300 i

On R2

R2#Show ip bgp

BGP table version is 18, local router ID is 150.1.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                              0 100 i
*> 2.0.0.0          0.0.0.0                            32768 i
*> 3.0.0.0          10.1.12.1                              0 100 300 i

On R3

R3#Show ip bgp

BGP table version is 19, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                              0 100 i
*> 2.0.0.0          10.1.13.1                                100 200 i
*> 3.0.0.0          0.0.0.0                            32768 i

To test the second condition:






On R1

R1(config)#Int lo0
R1(config-if)#Shut

To test and verify the configuration:

On R1

R1#Show ip bgp neighbors 10.1.13.3 advertised-routes
Total number of prefixes 0

On R3

R3#Sh ip bgp

BGP table version is 12, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 3.0.0.0          0.0.0.0                            32768 i

Note if network 1.0.0.0 is down, none of the networks are advertised to R3.

To bring up the Loopback interface of R1:

On R1

R1(config)#Int lo0
R1(config-if)#No Shut

To verify the configuration:

On R3

R3#Sh ip bgp

BGP table version is 14, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale






Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                                100 i
*> 2.0.0.0          10.1.13.1                                100 200 i
*> 3.0.0.0          0.0.0.0                            32768 i

To test the third condition:

On R2

R2(config)#int lo0
R2(config-if)#Shut

On R1

R1#Show ip bgp neighbors 10.1.13.3 advertised-routes

BGP table version is 6, local router ID is 10.1.13.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i

Total number of prefixes 1

On R3

R3#Show ip bgp

BGP table version is 17, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.13.1                                100 i
*> 3.0.0.0          0.0.0.0                            32768 i
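
Tasks 7 and 9 use the same mechanism with opposite conditions (non-exist-map versus exist-map). The following Python model is an added example, not part of the workbook and not IOS code; it evaluates both policies for every combination of R1's and R2's Loopback0 being up or down. The class and function names are hypothetical, and R1 is modelled as not sending a prefix back to the neighbor it was learned from, which is what the advertised-routes outputs in this lab show.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ConditionalAdvertisement:
    advertise: frozenset   # prefixes permitted by the advertise-map
    watch: frozenset       # prefixes permitted by the exist-map / non-exist-map
    mode: str              # "exist" or "non-exist"

    def condition_met(self, bgp_table):
        """True when the advertise-map prefixes may be sent."""
        watched_present = any(prefix in bgp_table for prefix in self.watch)
        if self.mode == "exist":
            return watched_present
        if self.mode == "non-exist":
            return not watched_present
        raise ValueError(f"unknown mode: {self.mode}")


def advertised_routes(bgp_table, neighbor, policy=None):
    """Prefixes sent to `neighbor`.

    bgp_table maps prefix -> peer it was learned from (None for a locally
    originated network).
    """
    met = policy.condition_met(bgp_table) if policy else True
    sent = []
    for prefix in sorted(bgp_table):
        if bgp_table[prefix] == neighbor:
            continue   # assumption: not sent back to the peer it came from
        if policy and prefix in policy.advertise and not met:
            continue   # condition failed: advertise-map prefixes are withdrawn
        sent.append(prefix)
    return sent


R2, R3 = "10.1.12.2", "10.1.13.3"   # R1's two EBGP neighbors in this lab


def r1_table(r1_lo0_up=True, r2_lo0_up=True):
    """R1's BGP table for a given state of the two Loopback0 interfaces."""
    table = {"3.0.0.0/8": R3}
    if r1_lo0_up:
        table["1.0.0.0/8"] = None
    if r2_lo0_up:
        table["2.0.0.0/8"] = R2
    return table


# Task 7: advertise 1.0.0.0/8 only while 2.0.0.0/8 is absent.
TASK7 = ConditionalAdvertisement(
    frozenset({"1.0.0.0/8"}), frozenset({"2.0.0.0/8"}), "non-exist")
# Task 9: advertise 2.0.0.0/8 only while 1.0.0.0/8 is present.
TASK9 = ConditionalAdvertisement(
    frozenset({"2.0.0.0/8"}), frozenset({"1.0.0.0/8"}), "exist")


def scenario_matrix(policy):
    """Map (R1 Lo0 up, R2 Lo0 up) -> prefixes R1 sends to R3."""
    return {
        (r1_up, r2_up): advertised_routes(r1_table(r1_up, r2_up), R3, policy)
        for r1_up in (True, False)
        for r2_up in (True, False)
    }


if __name__ == "__main__":
    for name, policy in (("Task 7", TASK7), ("Task 9", TASK9)):
        for state, sent in scenario_matrix(policy).items():
            print(name, state, sent)
```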






Task 10 

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 4 

Route Dampening 



[Topology diagram: AS 100, AS 200, AS 300, AS 400, AS 500; Lo0; F0/0 segments 10.1.23.0/24 and 10.1.45.0/24]






Lab Setup:

> Configure the frame-relay connections between the routers in a point-to-point
manner.

> Configure R2 and R3's F0/0 interface in VLAN 23.

> Configure R4 and R5's F0/0 interface in VLAN 45.

> The IP address assignment of the routers should be based on the following IP
addressing chart:

IP addressing:

Router   Interface   IP Address       AS number
R1       Lo0         1.1.1.1/8        100
         S0/0.12     10.1.12.1/24
R2       Lo0         2.2.2.2/8        200
         S0/0.21     10.1.12.2/24
         F0/0        10.1.23.2/24
R3       Lo0         3.3.3.3/8        300
         S0/0.34     10.1.34.3/24
         F0/0        10.1.23.3/24
R4       Lo0         4.4.4.4/8        400
         Lo1         40.4.4.4/24
         Lo2         44.4.4.4/24
         S0/0.43     10.1.34.4/24
         F0/0        10.1.45.4/24
R5       Lo0         5.5.5.5/8        500
         F0/0        10.1.45.5/24





Task 1

Configure an EBGP peer session between R1 and R2 and only advertise their Loopback0
interface in BGP. Ensure that these routers have NLRI to each other's advertised prefix.
R1 should be in AS 100 and R2 should be in AS 200.

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#network 1.0.0.0

On R2

R2(config)#router bgp 200
R2(config-router)#network 2.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#no au

To verify the configuration:

R1#Show ip bgp

BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                200 i






Task 2

Configure route dampening on R1 using the default parameters.

On R1

R1(config-router)#router bgp 100
R1(config-router)#bgp dampening

The parameters of BGP dampening are as follows:

> Half-time - Once a route has been assigned a penalty, the accumulated penalty
is decreased every 5 seconds such that when the half-time period expires, the
accumulated penalty is reduced by half. The default value of half-time is 15
minutes and the range is 1 to 45 minutes.

> Reuse - If the penalty for a flapping route is decreased enough to fall below
this value, the route is reusable. The default is 750 and the range is 1 to 20000.

> Suppress - Once the accumulated penalties reach this value, the route is
suppressed. The default value is 2000 and the range is 1 to 20000.

> Max-Suppress-Time - The maximum time in minutes that a route can be
suppressed. The default value is 4 times the half-time value (60 minutes) and
the range is 1 to 255.

Therefore this configuration performs the following:

Half-time = 15 minutes, Reuse = 750, Suppress = 2000 and Max-Suppress-Time = 60.

To see the parameters for dampening:

On R1

R1#Sh ip bgp dampening parameters

dampening 15 750 2000 60 (DEFAULT)
  Half-life time      : 15 mins       Decay Time       : 2320 secs
  Max suppress penalty: 12000         Max suppress time: 60 mins
  Suppress penalty    : 2000          Reuse penalty    : 750

If network 2.0.0.0 is shut down and then brought back up a few times, the flap statistics
can be viewed with the "Show ip bgp dampening flap-statistics" command.



Task 3

Configure an EBGP peer session between R2 and R3, and advertise their Loopback0
interface in BGP. Ensure that these routers have NLRI to each other's Loopback interface.
R3 should be configured in AS 300.

On R2

R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.23.3 remote-as 300

On R3

R3(config)#router bgp 300














R3(config-router)#no au
R3(config-router)#network 3.0.0.0
R3(config-router)#neighbor 10.1.23.2 remote-as 200

To verify the configuration:

On R3

R3#Show ip bgp

BGP table version is 4, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.23.2                                200 100 i
*> 2.0.0.0          10.1.23.2                                200 i
*> 3.0.0.0          0.0.0.0                            32768 i






Task 4

Configure route dampening on R3 such that the half-life parameter is set to 30 minutes.
This router should use the default parameters for suppress-limit, reuse, and maximum
suppress time.

On R3

R3(config-router)#bgp dampening 30 750 2000 60

To verify the configuration:

On R3

R3#Sh ip bgp dampening parameters

dampening 30 750 2000 60
  Half-life time      : 30 mins       Decay Time       : 1045 secs
  Max suppress penalty: 3000          Max suppress time: 60 mins
  Suppress penalty    : 2000          Reuse penalty    : 750







Note you may get a "% dampening reconfiguration in progress for IPv4 Unicast"
message; if you do, you should wait a few seconds and try again.



Task 5

Configure an EBGP session between R3 and R4. Advertise Loopback0, Loopback1 and
Loopback2 interface of R4 in BGP. Router R4 should be configured in AS 400.

On R4

R4(config)#router bgp 400
R4(config-router)#netw 4.0.0.0
R4(config-router)#netw 40.4.4.0 mask 255.255.255.0
R4(config-router)#netw 44.4.4.0 mask 255.255.255.0
R4(config-router)#neighbor 10.1.34.3 remote-as 300
R4(config-router)#no au

On R3

R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.34.4 remote-as 400

To verify the configuration:

On R4

R4#Show ip bgp

BGP table version is 7, local router ID is 44.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.34.3                                300 200 100 i
*> 2.0.0.0          10.1.34.3                                300 200 i
*> 3.0.0.0          10.1.34.3                                300 i
*> 4.0.0.0          0.0.0.0                            32768 i
*> 40.4.4.0/24      0.0.0.0                            32768 i
*> 44.4.4.0/24      0.0.0.0                            32768 i






Task 6

Configure an EBGP peer session between R4 and R5. R5 should advertise its Loopback
interface in BGP. Ensure that these routers have NLRI to each other's Loopback interface.
R5 should be configured in AS 500.

On R5

R5(config)#router bgp 500
R5(config-router)#no au
R5(config-router)#neighbor 10.1.45.4 remote-as 400
R5(config-router)#netw 5.0.0.0

On R4

R4(config)#router bgp 400
R4(config-router)#neighbor 10.1.45.5 remote-as 500

To verify the configuration:

R5#Show ip bgp

BGP table version is 8, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.45.4                                400 300 200 100 i
*> 2.0.0.0          10.1.45.4                                400 300 200 i
*> 3.0.0.0          10.1.45.4                                400 300 i
*> 4.0.0.0          10.1.45.4                                400 i
*> 5.0.0.0          0.0.0.0                            32768 i
*> 40.4.4.0/24      10.1.45.4                                400 i
*> 44.4.4.0/24      10.1.45.4                                400 i


Task 7

Configure route dampening on R4 as follows:

> Network 40.4.4.0/24 should have the following dampening parameters applied:
Max-Suppress-Time of 90, Reuse 800, Suppress 2400 and a Half-Time of 20

> Network 44.4.4.0/24 should have the following dampening parameters applied:
Max-Suppress-Time of 60, Reuse 700, Suppress 2000 and a Half-Time of 15

On R4

R4(config)#access-list 40 permit 40.4.4.0 0.0.0.255
R4(config)#access-list 44 permit 44.4.4.0 0.0.0.255

R4(config)#route-map TST permit 10
R4(config-route-map)#match ip addr 40
R4(config-route-map)#set dampening 20 800 2400 90

R4(config)#route-map TST permit 20
R4(config-route-map)#match ip addr 44
R4(config-route-map)#set dampening 15 700 2000 60

R4(config)#route-map TST permit 30

R4(config)#router bgp 400
R4(config-router)#bgp dampening route-map TST

Note the route-map gives us flexibility. In this case we have applied two
different sets of route dampening parameters to different routes. The two networks
are identified with access-lists. The route-map references the access-lists and
sets the dampening parameters based on the networks.

To verify the configuration: 

On R4 

R4#Sh ip bgp damp parameters

 dampening 20 800 2400 90 (route-map TST 10)
  Half-life time      : 20 mins       Decay Time       : 3490 secs
  Max suppress penalty: 18075         Max suppress time: 90 mins
  Suppress penalty    :  2400         Reuse penalty    : 800

 dampening 15 700 2000 60 (route-map TST 20)
  Half-life time      : 15 mins       Decay Time       : 2235 secs
  Max suppress penalty: 11200         Max suppress time: 60 mins
  Suppress penalty    :  2000         Reuse penalty    : 700






Task 8

Configure route dampening on R2 using the following policy:

> All the existing and future prefixes from AS 300 should have the following
  parameters applied:

  Max-Suppress-Time of 80
  Reuse 750
  Suppress 2200
  Half-Time 30

On R2

R2(config)#ip as-path access-list 1 permit ^300$

R2(config)#route-map TST permit 10
R2(config-route-map)#match as-path 1
R2(config-route-map)#set dampening 30 750 2200 80

R2(config)#route-map TST permit 20

R2(config)#router bgp 200
R2(config-router)#bgp dampening route-map TST

The combination of the "route-map" and the "as-path access-list" commands can apply
BGP dampening to an AS based on the AS number.

To verify the configuration:

On R2

R2#Show ip bgp damp parameters

 dampening 30 750 2200 80 (route-map TST 10)
  Half-life time      : 30 mins       Decay Time       : 1995 secs
  Max suppress penalty:  4755         Max suppress time: 80 mins
  Suppress penalty    :  2200         Reuse penalty    : 750
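
How the four dampening parameters from Task 7 and Task 8 interact can be seen by replaying a few flaps. The following Python sketch is an added example, not part of the workbook and not IOS code; it assumes the IOS per-flap penalty of 1000 and uses the closed-form ceiling reuse x 2^(max-suppress-time / half-life), which gives exactly the 11200 shown above for the 15/700/2000/60 profile (IOS prints slightly lower figures, 18075 and 4755, for the other two). The class and function names are hypothetical.

```python
import math

FLAP_PENALTY = 1000  # per-flap penalty used by Cisco IOS (assumption of this sketch)


class DampeningProfile:
    """One 'set dampening <half-life> <reuse> <suppress> <max-suppress-time>' line."""

    def __init__(self, half_life, reuse, suppress, max_suppress):
        self.half_life = half_life        # minutes
        self.reuse = reuse                # penalty below which a route is reused
        self.suppress = suppress          # penalty above which a route is suppressed
        self.max_suppress = max_suppress  # minutes

    @property
    def max_penalty(self):
        # Ceiling chosen so that a route sitting at the ceiling decays to the
        # reuse limit in exactly max_suppress minutes.
        return self.reuse * 2 ** (self.max_suppress / self.half_life)

    def decay(self, penalty, minutes):
        # Exponential decay: the penalty halves every half_life minutes.
        return penalty * 0.5 ** (minutes / self.half_life)

    def minutes_until_reuse(self, penalty):
        # Time for the penalty to decay down to the reuse limit.
        if penalty <= self.reuse:
            return 0.0
        return self.half_life * math.log2(penalty / self.reuse)


def simulate(profile, flap_minutes):
    """Replay flaps (sorted timestamps in minutes).

    Returns a list of (penalty, suppressed) tuples, one per flap.
    """
    penalty, suppressed, last = 0.0, False, None
    history = []
    for t in flap_minutes:
        if last is not None:
            penalty = profile.decay(penalty, t - last)
            if suppressed and penalty < profile.reuse:
                suppressed = False          # decayed below reuse: route is usable again
        penalty = min(penalty + FLAP_PENALTY, profile.max_penalty)
        if penalty > profile.suppress:
            suppressed = True               # crossed the suppress limit
        history.append((penalty, suppressed))
        last = t
    return history


# The three profiles configured in Task 7 (R4) and Task 8 (R2).
R4_NET_40 = DampeningProfile(20, 800, 2400, 90)
R4_NET_44 = DampeningProfile(15, 700, 2000, 60)
R2_AS_300 = DampeningProfile(30, 750, 2200, 80)

if __name__ == "__main__":
    profiles = (("40.4.4.0/24", R4_NET_40), ("44.4.4.0/24", R4_NET_44), ("AS 300", R2_AS_300))
    for name, p in profiles:
        # Constructed input: three flaps, one minute apart.
        penalty, suppressed = simulate(p, [0, 1, 2])[-1]
        print(f"{name}: ceiling {p.max_penalty:.0f}, penalty after 3 flaps {penalty:.0f}, "
              f"suppressed={suppressed}, reusable in {p.minutes_until_reuse(penalty):.1f} min")
```

With every profile here, two flaps a minute apart stay under the suppress limit and the third one crosses it.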






Task 9 

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 5 

Route Aggregation 



[Topology diagram: AS 100]



Lab Setup:

> Configure frame-relay connection between the routers in a point-to-point manner.
> Use the following IP addressing chart for IP assignment.

IP addressing:

Router  Interface                       IP Address      AS number
R1      Lo0                             1.1.1.1/8       100
        Frame-relay connection to R2    10.1.12.1/24
R2      Lo0                             2.2.0.2/24      200
        Lo1                             2.2.1.2/24
        Lo2                             2.2.2.2/24
        Lo3                             2.2.3.2/24
        Frame-relay connection to R1    10.1.12.2/24



Task 1

Configure an EBGP session between the routers and only advertise their Loopback
interfaces in BGP. R1 should be in AS 100 and R2 should be configured in AS 200.

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#netw 1.0.0.0
R1(config-router)#neighbor 10.1.12.2 remote-as 200

On R2

R2(config)#router bgp 200
R2(config-router)#no au
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#network 2.2.0.0 mask 255.255.255.0
R2(config-router)#network 2.2.1.0 mask 255.255.255.0
R2(config-router)#network 2.2.2.0 mask 255.255.255.0
R2(config-router)#network 2.2.3.0 mask 255.255.255.0

To verify the configuration:

R2#Show ip bgp

BGP table version is 6, local router ID is 2.2.3.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                                100 i
*> 2.2.0.0/24       0.0.0.0                            32768 i
*> 2.2.1.0/24       0.0.0.0                            32768 i
*> 2.2.2.0/24       0.0.0.0                            32768 i
*> 2.2.3.0/24       0.0.0.0                            32768 i



Task 2

Configure R2 such that it summarizes its Loopback interfaces and advertises a single
summary to R1. R2 should NOT assign an atomic-aggregate to the summary route when
it advertises it to any of its neighbors.

Note in BGP, an aggregate is only created if at least one of the specific routes of the
aggregate exists in the BGP table. It is recommended to configure most if not all the
specific routes with a Network statement, because if only a single Network is configured
to satisfy the requirements, and that particular Network goes down, then the aggregate
will be removed.

There are many ways to advertise an aggregate; one way is to create a static route that
matches the aggregate route and then advertise the aggregate in BGP as follows:

(config)#ip route 2.2.0.0 255.255.252.0 null0

(config)#Router bgp 200
(config-router)#Network 2.2.0.0 mask 255.255.252.0

But since that is not an option here, we had to advertise every specific prefix under the
aggregate.

On R2

R2(config)#Router bgp 200
R2(config-router)#aggregate-address 2.2.0.0 255.255.252.0






To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.2.0.0/24       10.1.12.2                                200 i
*> 2.2.0.0/22       10.1.12.2                                200 i
*> 2.2.1.0/24       10.1.12.2                                200 i
*> 2.2.2.0/24       10.1.12.2                                200 i
*> 2.2.3.0/24       10.1.12.2                                200 i






On R2

R2#Show ip bgp

BGP table version is 7, local router ID is 2.2.3.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                                100 i
*> 2.2.0.0/24       0.0.0.0                            32768 i
*> 2.2.0.0/22       0.0.0.0                            32768 i
*> 2.2.1.0/24       0.0.0.0                            32768 i
*> 2.2.2.0/24       0.0.0.0                            32768 i
*> 2.2.3.0/24       0.0.0.0                            32768 i

By default in BGP the aggregate and all the specific routes are advertised. A "summary-only"
argument used with the aggregate-address command will suppress the specific routes so that
only the aggregate route is advertised.

Note none of the prefixes are suppressed.

On R2

R2(config)#router bgp 200
R2(config-router)#aggregate-address 2.2.0.0 255.255.252.0 summary-only

Note the "summary-only" keyword will suppress all the prefixes on R2 such that R2's
neighbors won't see the more specific routes.

On R2

R2#Show ip bgp

BGP table version is 11, local router ID is 2.2.3.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.12.1                                100 i
*> 2.2.0.0/24       0.0.0.0                            32768 i
*> 2.2.0.0/22       0.0.0.0                            32768 i
s> 2.2.1.0/24       0.0.0.0                            32768 i
s> 2.2.2.0/24       0.0.0.0                            32768 i
s> 2.2.3.0/24       0.0.0.0                            32768 i

Note the letter "s" to the left of the ">" sign. The "s" means that these prefixes are
suppressed.






On R1

R1#Show ip bgp

BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.2.0.0/22       10.1.12.2                                200 i

Note the only route that is advertised to R1 is the summary route.

On R1

R1#Sh ip bgp 2.2.0.0/22

BGP routing table entry for 2.2.0.0/22, version 17
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200, (aggregated by 200 2.2.3.2)
    10.1.12.2 from 10.1.12.2 (2.2.3.2)
      Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best

On R2

R2#Show ip bgp 2.2.0.0/22

BGP routing table entry for 2.2.0.0/22, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  Local, (aggregated by 200 2.2.3.2)
    0.0.0.0 from 0.0.0.0 (2.2.3.2)
      Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best

Note the output of the "Show ip bgp 2.2.0.0/22" command above displays two different
attributes, the "aggregator" and the "atomic-aggregate" attribute.

The "aggregator" attribute identifies the AS number in which the aggregation was
performed and it also identifies the router-id of the router that performed the

By default when aggregation is configured in BGP, the "atomic-aggregate" attribute is
attached to the aggregate address; this alerts the administrator that certain
information could be hidden.

We know that the specific routes under that aggregate are always suppressed/hidden
when the summary or aggregation is performed under any routing protocol, but in BGP
another hidden or suppressed item is the actual AS numbers in which the specific routes
were originated.

Atomic-aggregate: This is an attribute that is assigned to the aggregate route
automatically if the "as-set" argument is not used in the "aggregate-address" command.
When an aggregation is performed, certain information is lost. In BGP that information
is not only the more specific routes under that aggregate, but it can also be the AS
numbers that the prefixes traversed to get to the router that is performing the
aggregation. If it's not corrected a routing loop can occur. In order to prevent
routing loops from occurring, the "AS-SET" argument should be used when performing
aggregation.

The "AS-SET" argument used in the aggregate-address command reveals the AS
numbers that some, if not all, of the specific routes were originated from; once that
information is revealed, the "atomic-aggregate" attribute is automatically removed.

On R2

R2(config)#router bgp 200
R2(config-router)#aggregate-address 2.2.0.0 255.255.252.0 summary-only as-set

To verify the configuration:

On R1

R1#Sh ip bgp 2.2.0.0/22

BGP routing table entry for 2.2.0.0/22, version 22
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200, (aggregated by 200 2.2.3.2)
    10.1.12.2 from 10.1.12.2 (2.2.3.2)
      Origin IGP, metric 0, localpref 100, valid, external, best

On R2

R2#Sh ip bgp 2.2.0.0/22

BGP routing table entry for 2.2.0.0/22, version 7
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  Local, (aggregated by 200 2.2.3.2)
    0.0.0.0 from 0.0.0.0 (2.2.3.2)
      Origin IGP, localpref 100, weight 32768, valid, aggregated, local, best

Note the atomic-aggregate is no longer attached to the aggregate-address. 



Task 3

Reconfigure the routers using the following diagram and IP addressing information and ONLY
advertise their Loopback interfaces in BGP. You can use the initial config file for
advertising and setting up the diagram.

[Topology diagram: AS 200, AS 300]




Lab Setup:

> Configure a frame-relay point-to-point connection between routers R1 and R2.
> Configure the F0/0 interface of R2 and R3 in VLAN 23.

IP addressing:

Router  Interface   IP Address      AS number
R1      Lo0         3.1.11.1/24     100
        S0/0.12     10.1.12.1/24
R2      Lo0         2.2.2.2/8       200
        S0/0.21     10.1.12.2/24
        F0/0        10.1.23.2/24
R3      Lo0         3.1.0.3/24      300
        Lo1         3.1.1.3/24
        Lo2         3.1.2.3/24
        Lo3         3.1.3.3/24
        Lo4         3.1.4.3/24
        Lo5         3.1.5.3/24
        Lo6         3.1.6.3/24
        Lo7         3.1.7.3/24
        Lo8         3.1.8.3/24
        Lo9         3.1.9.3/24
        Lo10        3.1.10.3/24
        Lo12        3.1.12.3/24
        Lo13        3.1.13.3/24
        Lo14        3.1.14.3/24
        Lo15        3.1.15.3/24
        F0/0        10.1.23.3/24





Task 4

Configure router R1 in AS 100 to establish an EBGP session with R2 in AS 200, and
router R2 in AS 200 should establish an EBGP peer session with R3 in AS 300. These
routers should advertise their loopback interfaces in their AS.

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#netw 3.1.11.0 mask 255.255.255.0
R1(config-router)#neighbor 10.1.12.2 remote-as 200

On R2

R2(config)#router bgp 200
R2(config-router)#no au
R2(config-router)#neighbor 10.1.23.3 remote-as 300
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#network 2.0.0.0

On R3

R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.23.2 remote-as 200
R3(config-router)#netw 3.1.0.0 mask 255.255.255.0
R3(config-router)#netw 3.1.1.0 mask 255.255.255.0
R3(config-router)#netw 3.1.2.0 mask 255.255.255.0
R3(config-router)#netw 3.1.3.0 mask 255.255.255.0
R3(config-router)#netw 3.1.4.0 mask 255.255.255.0
R3(config-router)#netw 3.1.5.0 mask 255.255.255.0
R3(config-router)#netw 3.1.6.0 mask 255.255.255.0
R3(config-router)#netw 3.1.7.0 mask 255.255.255.0
R3(config-router)#netw 3.1.8.0 mask 255.255.255.0
R3(config-router)#netw 3.1.9.0 mask 255.255.255.0
R3(config-router)#netw 3.1.10.0 mask 255.255.255.0
R3(config-router)#netw 3.1.12.0 mask 255.255.255.0
R3(config-router)#netw 3.1.13.0 mask 255.255.255.0
R3(config-router)#netw 3.1.14.0 mask 255.255.255.0
R3(config-router)#netw 3.1.15.0 mask 255.255.255.0

The configuration for advertising all the prefixes can be downloaded from the CD
provided with this workbook.

To verify the configuration:

On R2

R2#Sh ip bgp

BGP table version is 15, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          0.0.0.0                            32768 i
*> 3.1.0.0/24       10.1.23.3                                300 i
*> 3.1.1.0/24       10.1.23.3                                300 i
*> 3.1.2.0/24       10.1.23.3                                300 i
*> 3.1.3.0/24       10.1.23.3                                300 i
*> 3.1.4.0/24       10.1.23.3                                300 i
*> 3.1.5.0/24       10.1.23.3                                300 i
*> 3.1.6.0/24       10.1.23.3                                300 i
*> 3.1.7.0/24       10.1.23.3                                300 i
*> 3.1.8.0/24       10.1.23.3                                300 i
*> 3.1.9.0/24       10.1.23.3                                300 i
*> 3.1.10.0/24      10.1.23.3                                300 i
*> 3.1.11.0/24      10.1.12.1                                100 i
*> 3.1.12.0/24      10.1.23.3                                300 i
*> 3.1.13.0/24      10.1.23.3                                300 i
*> 3.1.14.0/24      10.1.23.3                                300 i
*> 3.1.15.0/24      10.1.23.3                                300 i



Task 5

R2 should aggregate all the networks in the 3.1.0.0 address space and advertise a single
aggregate route that only aggregates the specific routes for subnets under the 3.0.0.0
network in its BGP table; ensure that the atomic-aggregate attribute is not attached to the
aggregate route. This aggregation should be configured such that R1 in AS 100 is the
only AS that receives the aggregate route. R3 in AS 300 should NOT receive the
aggregate route. R1 should use R2 as the next hop to reach any of the specific routes
within the aggregate. R1 should NOT use R2 if its network 3.1.11.0/24 is
down. R3 does NOT need NLRI to network 3.1.11.0/24 advertised by R1.

On R2

R2 should aggregate all the networks in the 3.1.0.0 address space and advertise a single aggregate
route that only aggregates the specific routes for subnets under the 3.0.0.0 network in its BGP
table; ensure that the atomic-aggregate attribute is not attached to the aggregate route.

R2(config)#Router bgp 200
R2(config-router)#aggregate-address 3.1.0.0 255.255.240.0 summary-only as-set














This command aggregates networks 3.1.0.0/24 - 3.1.15.0/24 and only advertises the summary
route and not all the specific routes; the "summary-only" argument accomplishes that. This
aggregate route will not have the "atomic-aggregate" attribute attached because the "as-set"
argument is used.

To verify the configuration:

On R2

R2#Sh ip bgp

BGP table version is 63, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          0.0.0.0                            32768 i
s> 3.1.0.0/24       10.1.23.3                                300 i
*> 3.1.0.0/20       0.0.0.0                       100  32768 {300,100} i
s> 3.1.1.0/24       10.1.23.3                                300 i
s> 3.1.2.0/24       10.1.23.3                                300 i
s> 3.1.3.0/24       10.1.23.3                                300 i
s> 3.1.4.0/24       10.1.23.3                                300 i
s> 3.1.5.0/24       10.1.23.3                                300 i
s> 3.1.6.0/24       10.1.23.3                                300 i
s> 3.1.7.0/24       10.1.23.3                                300 i
s> 3.1.8.0/24       10.1.23.3                                300 i
s> 3.1.9.0/24       10.1.23.3                                300 i
s> 3.1.10.0/24      10.1.23.3                                300 i
s> 3.1.11.0/24      10.1.12.1                                100 i
s> 3.1.12.0/24      10.1.23.3                                300 i
s> 3.1.13.0/24      10.1.23.3                                300 i
s> 3.1.14.0/24      10.1.23.3                                300 i
s> 3.1.15.0/24      10.1.23.3                                300 i

Note the specific routes are suppressed (the letter "s" to the left of the ">" sign). The curly
brackets in the path column identify the AS numbers that the specific routes originated from.
Because the AS numbers are now included in the path column, neither R1 in AS 100 nor R3 in AS
300 will have the aggregate route in their BGP table.






On R1

R1#Sh ip bgp

BGP table version is 130, local router ID is 3.1.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i

On R3

R3#Sh ip bgp

BGP table version is 49, local router ID is 3.3.11.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.23.2                                200 i
*> 3.1.0.0/24       0.0.0.0                            32768 i
*> 3.1.1.0/24       0.0.0.0                            32768 i
*> 3.1.2.0/24       0.0.0.0                            32768 i
*> 3.1.3.0/24       0.0.0.0                            32768 i
*> 3.1.4.0/24       0.0.0.0                            32768 i
*> 3.1.5.0/24       0.0.0.0                            32768 i
*> 3.1.6.0/24       0.0.0.0                            32768 i
*> 3.1.7.0/24       0.0.0.0                            32768 i
*> 3.1.8.0/24       0.0.0.0                            32768 i
*> 3.1.9.0/24       0.0.0.0                            32768 i
*> 3.1.10.0/24      0.0.0.0                            32768 i
*> 3.1.12.0/24      0.0.0.0                            32768 i
*> 3.1.13.0/24      0.0.0.0                            32768 i
*> 3.1.14.0/24      0.0.0.0                            32768 i
*> 3.1.15.0/24      0.0.0.0                            32768 i

Note R1 and R3 do NOT have the aggregate route in their BGP table.

This aggregation should be configured such that R1 in AS 100 is the only AS that receives the
aggregate route, R3 or future peer neighbors should NOT receive the aggregate route. R1 should
use R2 as the next hop to reach any of the specific routes within the aggregate

R2(config)#ip as-path access-list 1 permit ^300$






The above command identifies AS number 300. 

R2(config)#route-map TST permit 10
R2(config-route-map)#match as-path 1

The "route-map" command references the "as-path access-list 1".

R2(config-router)#aggregate-address 3.1.0.0 255.255.240.0 as-set summary-only advertise-map TST

The "advertise-map" command assigns the route-map "TST" to the "aggregate-address"
command.

To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 12, local router ID is 3.1.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                              0 200 i
*> 3.1.0.0/20       10.1.12.2                                200 300 i

On R3

R3#Sh ip bgp

BGP table version is 49, local router ID is 3.3.11.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.23.2                                200 i
*> 3.1.0.0/24       0.0.0.0                            32768 i
*> 3.1.1.0/24       0.0.0.0                            32768 i
*> 3.1.2.0/24       0.0.0.0                            32768 i
*> 3.1.3.0/24       0.0.0.0                            32768 i
*> 3.1.4.0/24       0.0.0.0                            32768 i
*> 3.1.5.0/24       0.0.0.0                            32768 i
*> 3.1.6.0/24       0.0.0.0                            32768 i
*> 3.1.7.0/24       0.0.0.0                            32768 i
*> 3.1.8.0/24       0.0.0.0                            32768 i
*> 3.1.9.0/24       0.0.0.0                            32768 i
*> 3.1.10.0/24      0.0.0.0                            32768 i
*> 3.1.12.0/24      0.0.0.0                            32768 i
*> 3.1.13.0/24      0.0.0.0                            32768 i
*> 3.1.14.0/24      0.0.0.0                            32768 i
*> 3.1.15.0/24      0.0.0.0                            32768 i



Note R3 gets the aggregate route but it rejects it because it sees its own AS number in the as-path
list. R1 receives and processes the aggregate route because it does not see its own AS number in
the as-path list advertised by R2.
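
The behaviour described in Task 2 and Task 5 (atomic-aggregate without as-set, the AS_SET built from the contributing routes, the advertise-map narrowing the contributors, and the receiver's AS_PATH loop check) can be modelled in a few lines. This is an added Python sketch, not part of the workbook and not IOS code; the Route class, the function names and the sample table (constructed to mirror R2's BGP table above) are assumptions, and the model treats an advertise-map that matches no contributor as producing no aggregate.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple = ()            # ints form the AS_SEQUENCE, a frozenset is an AS_SET
    atomic_aggregate: bool = False


def path_str(as_path):
    """Render an AS_PATH the way 'show ip bgp' prints it, e.g. '200 {100,300}'."""
    parts = []
    for seg in as_path:
        if isinstance(seg, frozenset):
            parts.append("{" + ",".join(str(a) for a in sorted(seg)) + "}")
        else:
            parts.append(str(seg))
    return " ".join(parts)


def aggregate(prefix, rib, as_set=False, advertise_map=None):
    """Model 'aggregate-address <prefix> [as-set] [advertise-map <as-path regex>]'."""
    agg = ipaddress.ip_network(prefix)
    # Only more-specific routes already in the table can contribute.
    contributors = [r for r in rib if r.prefix != agg and r.prefix.subnet_of(agg)]
    if advertise_map is not None:
        # The advertise-map selects which contributors feed the aggregate's attributes.
        contributors = [r for r in contributors
                        if re.search(advertise_map, path_str(r.as_path))]
    if not contributors:
        return None                # no specific route present: no aggregate is created
    if not as_set:
        # Path information of the contributors is dropped, so the route is flagged.
        return Route(agg, (), atomic_aggregate=True)
    paths = [r.as_path for r in contributors]
    common = []
    for hops in zip(*paths):       # leading ASNs shared by every contributor stay ordered
        if len(set(hops)) != 1:
            break
        common.append(hops[0])
    leftover = frozenset(a for p in paths for a in p[len(common):])
    return Route(agg, tuple(common) + ((leftover,) if leftover else ()))


def export(route, local_as):
    """eBGP export: the advertising AS prepends itself to the AS_PATH."""
    return Route(route.prefix, (local_as,) + route.as_path, route.atomic_aggregate)


def accepts(receiver_as, route):
    """eBGP loop prevention: reject an update whose AS_PATH already holds our AS."""
    for seg in route.as_path:
        members = seg if isinstance(seg, frozenset) else {seg}
        if receiver_as in members:
            return False
    return True


# Constructed sample mirroring R2's table: 3.1.11.0/24 from AS 100, the rest from AS 300.
R2_RIB = [Route(ipaddress.ip_network("2.0.0.0/8"))] + [
    Route(ipaddress.ip_network(f"3.1.{i}.0/24"), (100,) if i == 11 else (300,))
    for i in range(16)
]


def outcome(agg, local_as=200, neighbors=(("R1", 100), ("R3", 300))):
    """Return the AS_PATH R2 sends and which neighbor keeps the aggregate."""
    sent = export(agg, local_as)
    return path_str(sent.as_path), {name: accepts(asn, sent) for name, asn in neighbors}


if __name__ == "__main__":
    cases = ((False, None), (True, None), (True, r"^300$"))
    for as_set, adv in cases:
        agg = aggregate("3.1.0.0/20", R2_RIB, as_set=as_set, advertise_map=adv)
        print(f"as_set={as_set} advertise_map={adv}: atomic={agg.atomic_aggregate}",
              outcome(agg))
```

The three cases reproduce the tables above: without as-set both neighbors accept the aggregate, with as-set alone both reject it, and with the advertise-map matching ^300$ only R1 accepts it.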

The following shows all the routes that are advertised by R2 to its neighbor 10.1.23.3:

On R2

R2#Show ip bgp neighbors 10.1.23.3 advertised-routes

BGP table version is 64, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          0.0.0.0                            32768 i
*> 3.1.0.0/20       0.0.0.0                       100  32768 300 i

Total number of prefixes 2

The output of the following display shows all the routes received and accepted by R3:

On R3

R3#Show ip bgp neighbor 10.1.23.2 routes

BGP table version is 49, local router ID is 3.3.11.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.23.2                                200 i

R1 should NOT use R2 if its network 3.1.11.0/24 is down

On R1

R1(config)#ip route 3.1.11.0 255.255.255.0 null0

To verify the configuration:

On R1

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    2.0.0.0/8 [20/0] via 10.1.12.2, 01:55:29
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       3.1.0.0/20 [20/0] via 10.1.12.2, 00:18:34
C       3.1.11.0/24 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.12.0 is directly connected, Serial0/0.12

Note 3.1.11.0/24 is directly connected; to test this condition we should shut down the interface and
check the routing table again, as follows:

On R1

R1(config)#int lo0
R1(config-if)#Shut

R1#Show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    2.0.0.0/8 [20/0] via 10.1.12.2, 01:58:14
     3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       3.1.0.0/20 [20/0] via 10.1.12.2, 00:21:19
S       3.1.11.0/24 is directly connected, Null0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.12.0 is directly connected, Serial0/0.12

Note if the interface is down all the traffic destined for the network is forwarded to the NULL0
interface, and therefore, it won't be forwarded to R2.



Task 6

Configure R2 such that a cost of 50 is assigned to the aggregate route.

On R2

R2(config)#route-map COST permit 10
R2(config-route-map)#set metric 50
R2(config)#route-map COST permit 20

R2(config)#router bgp 200
R2(config-router)#aggregate-address 3.1.0.0 255.255.240.0 summary-only advertise-map TST as-set attribute-map COST

The attribute-map identifies the name of the route-map used to set the attributes of the aggregate
route.

To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 13, local router ID is 3.1.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                              0 200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i

Note R1 gets the aggregate route with a cost of 50.



Task 7

The policy for R1 requires that it should receive the aggregate route plus one of the more
specific subnets (3.1.3.0/24). This policy should be configured and tested in three
different ways using a suppress-map, and unsuppress-map.

To test the Suppress-map scenario #1:

On R2

R2(config)#access-list 1 deny 3.1.3.0 0.0.0.255
R2(config)#access-list 1 permit any

R2(config)#route-map SUPP permit 10
R2(config-route-map)#match ip addr 1

R2(config)#router bgp 200
R2(config-router)#aggregate-address 3.1.0.0 255.255.240.0 summary-only advertise-map TST as-set attribute-map COST suppress-map SUPP

To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 14, local router ID is 3.1.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                              0 200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i
*> 3.1.3.0/24       10.1.12.2                                200 300 i

To test the suppress-map scenario #2:

On R2

R2(config)#NO access-list 1
R2(config)#access-list 1 permit 3.1.3.0 0.0.0.255

R2(config)#Route-map SUPP deny 10
R2(config-route-map)#Match ip addr 1
R2(config)#Route-map SUPP permit 20

R2(config)#router bgp 200
R2(config-router)#NO aggregate-address 3.1.0.0 255.255.240.0 summary-only advertise-map TST as-set attribute-map COST suppress-map SUPP

To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 14, local router ID is 3.1.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i
*> 3.1.3.0/24       10.1.12.2                                200 300 i

To test the Unsuppress-map scenario #3:

R2(config)#NO route-map SUPP

R2(config)#route-map SUPP permit 10
R2(config-route-map)#match ip addr 1

R2(config)#Router bgp 200
R2(config-router)#aggregate-address 3.1.0.0 255.255.240.0 summary-only advertise-map TST as-set attribute-map COST

This command takes off the suppress-map

R2(config-router)#neighbor 10.1.12.1 unsuppress-map SUPP

To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 14, local router ID is 3.1.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                              0 200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i
*> 3.1.3.0/24       10.1.12.2                                200 300 i






Task 8 



Remove the configuration commands from the previous step. 



On K2 

R2iconfig)#NO route-map Sl'PP 
R2(config^\Q aeeess-list 






R2(config)#Router bgp 200
R2(config-router)#NO neighbor 10.1.12.1 unsuppress-map SUPP

To verify the configuration:

On R1

R1#Show ip bgp
BGP table version is 14, local router ID is 3.1.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                0               200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i



Task 9 

Configure R1 so it has the aggregate route plus the specific route that it wanted to have in
its BGP table (3.1.3.0/24). R1 should NOT advertise this subnet, configure a static route
or use the redistribute command to accomplish this task. R2 should NOT be configured
for this task.



To accomplish this task on R1, we can use the combination of Exist-map and Inject-map.
The Exist-map matches on the aggregate address and the router that advertised
the aggregate address (route-source command in the route-map called "EXIST"). The
Inject-map injects the IP addresses identified by the route-map called INJECT, if the
condition of the Exist-map is true. Therefore, if the router that advertised the
aggregate address and the aggregate address exist, then inject whatever is
specified in the prefix-list that is referenced by the route-map INJECT.

To verify the BGP table of R1 before the configuration:

On R1

R1#Show ip bgp






BGP table version is 14, local router ID is 3.1.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.1.11.0/24      0.0.0.0                            32768 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i

To configure:

On R1

R1(config)#ip prefix-list NET permit 3.1.3.0/24
R1(config)#ip prefix-list AGG permit 3.1.0.0/20
R1(config)#ip prefix-list R2 permit 10.1.12.2/32

R1(config)#route-map EXIST permit 10
R1(config-route-map)#match ip addr prefix-list AGG
R1(config-route-map)#match ip route-source prefix-list R2

R1(config)#route-map INJECT permit 10
R1(config-route-map)#set ip addr prefix-list NET

R1(config)#Router bgp 100
R1(config-router)#bgp inject-map INJECT exist-map EXIST

To verify the configuration:

On R1

R1#Show ip bgp
BGP table version is 6, local router ID is 10.1.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.12.2                                200 i
*> 3.1.0.0/20       10.1.12.2               50               200 300 i
*> 3.1.3.0/24       10.1.12.2                              0 ?
*> 3.1.11.0/24      0.0.0.0                            32768 i






Note the subnet is in the BGP table of R1.



Task 10

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 6
The Community Attribute

[Topology diagram; surviving labels: AS 400, AS 500]

Lab Setup:

> Configure the routers that are connected to the frame-relay clouds in a point-to-point manner.

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> Use the following IP address chart for IP assignment.






AS & IP addressing chart:

Router  Interface                        IP Address     AS Number
R1      Lo0                              1.1.1.1/8      100
        S0/0.12                          10.1.12.1/24
R2      Lo0                              2.2.2.2/8      2300
        S0/0.21                          10.1.12.2/24
        S0/0.24                          10.1.24.2/24
        F0/0 interface connection to R3  10.1.23.2/24
R3      Lo0                              3.3.3.3/8      2300
        F0/0 interface connection to R2  10.1.23.3/24
        S0/0.35                          10.1.35.3/24
R4      Lo0                              4.4.4.4/8      400
        S0/0.42                          10.1.24.4/24
R5      Lo0                              5.5.5.5/8      500
        S0/0.53                          10.1.35.5/24





Task 1

Configure EBGP peer sessions between the routers based on the above "AS & IP
addressing chart". These routers should ONLY advertise their Loopback interfaces in
BGP. These BGP routers should use their Loopback's IP address as their Router id.
Ensure that every router has NLRI to every link in this lab using RIPv2.

On All Routers

(config)#Router rip
(config-router)#No au
(config-router)#Ver 2
(config-router)#Network 10.0.0.0

On R1

R1(config)#router bgp 100
R1(config-router)#bgp router-id 1.1.1.1
R1(config-router)#netw 1.0.0.0
R1(config-router)#no au
R1(config-router)#neighbor 10.1.12.2 remote-as 2300

On R2

R2(config)#router bgp 2300
















R2(config-router)#bgp router-id 2.2.2.2
R2(config-router)#netw 2.0.0.0
R2(config-router)#no au
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.23.3 remote-as 2300
R2(config-router)#neighbor 10.1.24.4 remote-as 400

On R3

R3(config)#router bgp 2300
R3(config-router)#bgp router-id 3.3.3.3
R3(config-router)#netw 3.0.0.0
R3(config-router)#no au
R3(config-router)#neighbor 10.1.23.2 remote-as 2300
R3(config-router)#neighbor 10.1.35.5 remote-as 500

On R4

R4(config)#router bgp 400
R4(config-router)#bgp router-id 4.4.4.4
R4(config-router)#netw 4.0.0.0
R4(config-router)#no au
R4(config-router)#neighbor 10.1.24.2 remote-as 2300

On R5

R5(config)#router bgp 500
R5(config-router)#bgp router-id 5.5.5.5
R5(config-router)#netw 5.0.0.0
R5(config-router)#no au
R5(config-router)#neighbor 10.1.35.3 remote-as 2300

To verify the configuration:

On R1

R1#Show ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete











   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 2.0.0.0          10.1.12.2                                2300 i
*> 3.0.0.0          10.1.12.2                                2300 i
*> 4.0.0.0          10.1.12.2                                2300 400 i
*> 5.0.0.0          10.1.12.2                                2300 500 i



Task 2 

Using the community attribute configure R1 such that when it advertises network 1.0.0.0/8
to R2 in AS 200, the network is not advertised to any of R2's IBGP or EBGP
neighbors.



The community attribute is a numerical value that can be attached to a given prefix
and advertised to a specific neighbor. Once the neighbor receives the prefix, it will
examine the community value and either perform filtering or use that value
in the route selection process.

By default no community attribute is sent to any neighbor. To specify that a
community attribute should be sent to a BGP neighbor, the "neighbor send-community"
command is configured in the router config mode.
The well known communities are as follows:

> Internet - If assigned to a network/s, that network/s should be advertised.

> Local-as - If assigned to a network/s, that network/s should ONLY be
advertised within that AS.

> No-advertise - If assigned to a network/s, that network/s should NOT be
advertised to any BGP neighbor.

> No-export - If assigned to a network/s, that network/s should NOT be
advertised to an EBGP neighbor.

On R1

Note: before configuring an access-list, always perform a "Show access-list"
command to ensure that an existing access-list will not get overridden.

R1(config)#access-list 1 permit 1.0.0.0 0.255.255.255

The access-list is used to identify the network. Prefix-lists can also be used for this
purpose.






R1(config)#route-map TEST permit 10
R1(config-route-map)#match ip addr 1
R1(config-route-map)#set community no-advertise
R1(config-route-map)#route-map TEST permit 20

Note the above route-map matches on the access-list and sets the community to one
of the well known community attributes, "no-advertise". This well known
community attribute tells the receiving router NOT to advertise the prefix to any of
its neighbors (IBGP or EBGP).

The "route-map TST permit 20" is the catch-all route-map; it basically matches any
network not matched with the match keyword in the "route-map TST permit 10".

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 send-community
R1(config-router)#neighbor 10.1.12.2 route-map TEST out

In the above commands, we are sending the community and assigning the route-map
to a given neighbor in the out direction.

The direction of the route-map specifies which router's decision should be influenced
by this policy. If it should affect the neighbor's decision, then the direction of the
route-map should be "out", but if the local router's decision should be influenced, then
the direction of the route-map should be "in".

To verify the configuration:

On R2

R2#Sh ip bgp 1.0.0.0
BGP routing table entry for 1.0.0.0/8, version 8
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to any peer)
  Not advertised to any peer
  100
    10.1.12.1 from 10.1.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-advertise

Note the community attribute from R2's perspective. Since R2 does NOT advertise
the network, R3 and the other EBGP neighbor won't have any knowledge of this
route.

On R3






R3#Sh ip bgp 1.0.0.0
% Network not in table

On R3

R3#Show ip bgp
BGP table version is 8, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i2.0.0.0          10.1.23.2                     100        i
*> 3.0.0.0          0.0.0.0                            32768 i
*>i4.0.0.0          10.1.24.4                     100        400 i
*> 5.0.0.0          10.1.35.5                                500 i

On R4

R4#Sh ip bgp
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.24.2                                2300 i
*> 3.0.0.0          10.1.24.2                              0 2300 i
*> 4.0.0.0          0.0.0.0                            32768 i
*> 5.0.0.0          10.1.24.2                                2300 500 i



Task 3 

Configure R5 such that when it advertises its network 5.0.0.0 to R3 in AS 2300, the
routers in AS 2300 do NOT advertise that network to any of their EBGP peers. DO NOT
configure R3 to accomplish this task.



On R5 






Note: before configuring an access-list, always perform a "Show access-list" command
to ensure that an existing access-list will not get overridden.

R5(config-router)#access-list 1 permit 5.0.0.0

R5(config)#route-map TST permit 10
R5(config-route-map)#match ip addr 1
R5(config-route-map)#set community no-export
R5(config-route-map)#route-map TST permit 20

R5(config)#router bgp 500
R5(config-router)#neighbor 10.1.35.3 send-community
R5(config-router)#neighbor 10.1.35.3 route-map TST out

This is another well known community. In this case network 5.0.0.0 will ONLY be
advertised to the routers in AS 2300. The routers in AS 2300 will NOT advertise this
network to any of their EBGP neighbors. BUT REMEMBER THAT BY DEFAULT
ROUTERS WILL STRIP THE COMMUNITY ATTRIBUTE, therefore, in this case
R3 should be configured to send community to R2, or else R2 will advertise that
network to its EBGP peers.

To verify the configuration:

On R3

R3(config)#Router bgp 2300
R3(config-router)#Neighbor 10.1.23.2 send-community

R3#Sh ip bgp 5.0.0.0
BGP routing table entry for 5.0.0.0/8, version 8
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to EBGP peer)
  Flag: 0x880
  Advertised to update-groups:
     1
  500
    10.1.35.5 from 10.1.35.5 (5.5.5.5)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-export

To test this configuration further, a point-to-point frame-relay connection and an
EBGP peer session can be established between R3 and R4. R4 should NOT receive an
update for network 5.0.0.0 from R3, but R4 will receive an update for network 5.0.0.0
from R2.






Task 4 

Configure R3 in AS 2300 to advertise network 3.0.0.0/8 to the routers in its own AS
ONLY. R3 should NOT advertise this network to any of its EBGP peers.



On R3

Note: before configuring an access-list, always perform a "Show access-list"
command to ensure that an existing access-list will not get overridden.

R3(config)#route-map TST permit 10
R3(config-route-map)#set community local-as

R3(config)#Router bgp 2300
R3(config-router)#Network 3.0.0.0 route-map TST
R3(config-router)#Neighbor 10.1.23.2 send-community

Note in this case the "route-map TEST" command is applied to the inbound, because it
should affect the local router for that network and community.

To verify the configuration:

On R3

R3#Sh ip bgp 3.0.0.0
BGP routing table entry for 3.0.0.0/8, version 5
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised outside local AS)
  Flag: 0x820
  Advertised to update-groups:
     1
  Local
    0.0.0.0 from 0.0.0.0 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
      Community: local-AS

R5#Sh ip bgp
BGP table version is 16, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete






   Network          Next Hop            Metric LocPrf Weight Path
*> 2.0.0.0          10.1.35.3                                2300 i
*> 4.0.0.0          10.1.35.3                                2300 400 i
*> 5.0.0.0          0.0.0.0                            32768 i



Task 5 

R1 is advertising network 1.0.0.0 which has an attached community attribute of
"no-advertise" to R2 (Task 2). Router R2 should be configured to advertise network 1.0.0.0 to
all of its IBGP and EBGP peers. You should utilize a well known community attribute to
accomplish this task.



On R2

Note: before configuring R2, we should display the prefix in BGP as follows:

R2#Show ip bgp 1.0.0.0
BGP routing table entry for 1.0.0.0/8, version 6
Paths: (1 available, best #1, table Default-IP-Routing-Table, not advertised to any peer)
  Not advertised to any peer
  100
    10.1.12.1 from 10.1.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: no-advertise

R2 can be configured to assign a well known community of "Internet" to this
network. When the "Internet" community is assigned to a network, that network will
be advertised to all peers.

To configure:

Note: before configuring an access-list, always perform a "Show access-list"
command to ensure that an existing access-list will not get overridden.

R2(config)#access-list 1 permit 1.0.0.0

R2(config)#route-map TST permit 10






R2(config-route-map)#match ip addr 1
R2(config-route-map)#set community Internet

R2(config)#router bgp 2300
R2(config-router)#neighbor 10.1.12.1 route-map TST in

To verify the configuration:

On R2

R2#Show ip bgp 1.0.0.0
BGP routing table entry for 1.0.0.0/8, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1    2
  100
    10.1.12.1 from 10.1.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: internet

On R4

R4#Show ip bgp
BGP table version is 22, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.24.2                                2300 100 i
*> 2.0.0.0          10.1.24.2                                2300 i
*> 3.0.0.0          10.1.24.2                              0 2300 i
*> 4.0.0.0          0.0.0.0                            32768 i
*> 5.0.0.0          10.1.24.2                                2300 500 i

On R3

R3#Sh ip bgp
BGP table version is 14, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,






              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.12.1                     100        100 i
*>i2.0.0.0          10.1.23.2                     100        i
*> 3.0.0.0          0.0.0.0                  0         32768 i
*>i4.0.0.0          10.1.24.4                     100        400 i
*> 5.0.0.0          10.1.35.5                                500 i
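The advertisement rules explained in Tasks 2, 3 and 5 can be checked with a small model of the Lab 6 topology. This is an added example, not code from the workbook: the Router class and its method names are hypothetical, and best-path selection, next-hop checks and confederations are left out.

```python
from collections import deque
from dataclasses import dataclass

NO_ADVERTISE, NO_EXPORT, LOCAL_AS, INTERNET = "no-advertise", "no-export", "local-as", "internet"


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple           # AS numbers, nearest AS first
    communities: frozenset
    learned: str             # "local", "ebgp" or "ibgp"
    sender: str              # name of the router it was learned from, "" if local


class Router:
    """Hypothetical model of one BGP speaker; not IOS code."""

    def __init__(self, name, asn):
        self.name, self.asn = name, asn
        self.peers = {}            # peer name -> Router
        self.send_community = {}   # peer name -> bool ("neighbor X send-community")
        self.outbound_set = {}     # (peer, prefix) -> communities set by "route-map ... out"
        self.inbound_set = {}      # (peer, prefix) -> communities set by "route-map ... in"
        self.rib = {}              # prefix -> Route

    def peer_with(self, other):
        self.peers[other.name] = other
        self.send_community[other.name] = False    # default: communities are not sent

    def originate(self, prefix):
        self.rib[prefix] = Route(prefix, (), frozenset(), "local", "")

    def exports(self, route, peer):
        """Communities to send to `peer`, or None when the route is withheld."""
        ebgp = peer.asn != self.asn
        if peer.name == route.sender:
            return None                                  # never echoed to its sender
        if NO_ADVERTISE in route.communities:
            return None                                  # withheld from every neighbor
        if ebgp and route.communities & {NO_EXPORT, LOCAL_AS}:
            return None                                  # kept inside the AS
        if not ebgp and route.learned == "ibgp":
            return None                                  # iBGP routes are not re-sent to iBGP peers
        tagged = self.outbound_set.get((peer.name, route.prefix), route.communities)
        # Without send-community the attribute is stripped from the update.
        return frozenset(tagged) if self.send_community[peer.name] else frozenset()

    def receive(self, prefix, as_path, communities, sender):
        if self.asn in as_path or prefix in self.rib:
            return False                                 # AS-path loop, or already known
        # "set community" without "additive" replaces whatever arrived.
        communities = self.inbound_set.get((sender.name, prefix), communities)
        learned = "ebgp" if sender.asn != self.asn else "ibgp"
        self.rib[prefix] = Route(prefix, tuple(as_path), frozenset(communities),
                                 learned, sender.name)
        return True


def converge(routers):
    """Flood updates until no router learns anything new."""
    queue = deque(routers)
    while queue:
        router = queue.popleft()
        for route in list(router.rib.values()):
            for peer in router.peers.values():
                communities = router.exports(route, peer)
                if communities is None:
                    continue
                path = route.as_path if peer.asn == router.asn else (router.asn,) + route.as_path
                if peer.receive(route.prefix, path, communities, router):
                    queue.append(peer)


def run_lab(r3_sends_community=True, r2_sets_internet=False):
    """Return {prefix: routers holding it} for the Lab 6 topology."""
    r = {n: Router(n, a) for n, a in
         [("R1", 100), ("R2", 2300), ("R3", 2300), ("R4", 400), ("R5", 500)]}
    for a, b in [("R1", "R2"), ("R2", "R3"), ("R2", "R4"), ("R3", "R5")]:
        r[a].peer_with(r[b])
        r[b].peer_with(r[a])
    # Task 2: R1 tags 1.0.0.0/8 with no-advertise toward R2.
    r["R1"].send_community["R2"] = True
    r["R1"].outbound_set[("R2", "1.0.0.0/8")] = {NO_ADVERTISE}
    # Task 3: R5 tags 5.0.0.0/8 with no-export toward R3.
    r["R5"].send_community["R3"] = True
    r["R5"].outbound_set[("R3", "5.0.0.0/8")] = {NO_EXPORT}
    r["R3"].send_community["R2"] = r3_sends_community
    # Task 5: R2 overwrites the community on 1.0.0.0/8 as it arrives from R1.
    if r2_sets_internet:
        r["R2"].inbound_set[("R1", "1.0.0.0/8")] = {INTERNET}
    r["R1"].originate("1.0.0.0/8")
    r["R5"].originate("5.0.0.0/8")
    converge(list(r.values()))
    return {p: sorted(n for n, x in r.items() if p in x.rib)
            for p in ("1.0.0.0/8", "5.0.0.0/8")}


if __name__ == "__main__":
    print(run_lab())                           # communities carried end to end
    print(run_lab(r3_sends_community=False))   # R3 strips no-export toward R2
    print(run_lab(r2_sets_internet=True))      # R2 replaces no-advertise
```

Comparing the three runs shows where each prefix stops: the tag only binds the routers that actually receive it, which is why the missing send-community on R3 lets 5.0.0.0/8 leave AS 2300 through R2.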



Task 6 

Erase the startup config and reload the routers before proceeding to the next task. 

Task 7

Configure the routers according to the diagram/chart below and use the IP addressing and 
AS numbering identified in the chart. 






[Topology diagram; surviving label: AS 100]

Lab Setup:

> Configure the routers that are connected to the frame-relay clouds in a point-to-point manner.

> R1 should have two point-to-point sub-interfaces, one connecting to R2 and the
other connecting to R3.

> R2 and R3 should be configured with a single point-to-point connection to R1






IP addressing:

Router  Interface  IP Address     AS number
R1      Lo0        1.1.1.1/8      100
        S0/0.12    10.1.12.1/24
        S0/0.13    10.1.13.1/24
R2      Lo0        20.1.2.2/24    200
        Lo1        20.1.3.2/24
        S0/0.21    10.1.12.2/24
R3      Lo0        30.1.2.3/24    300
        Lo1        30.1.3.3/24
        S0/0.31    10.1.13.3/24





On R1

R1(config)#router bgp 100
R1(config-router)#netw 1.0.0.0
R1(config-router)#no au
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#neighbor 10.1.13.3 remote-as 300

On R2

R2(config)#router bgp 200
R2(config-router)#no au
R2(config-router)#network 20.1.2.0 mask 255.255.255.0
R2(config-router)#network 20.1.3.0 mask 255.255.255.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100

On R3

R3(config)#router bgp 300
R3(config-router)#no au
R3(config-router)#netw 30.1.2.0 mask 255.255.255.0
R3(config-router)#netw 30.1.3.0 mask 255.255.255.0
R3(config-router)#neighbor 10.1.13.1 remote-as 100

To verify the configuration:

On R1

R1#Show ip bgp






BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 20.1.2.0/24      10.1.12.2                                200 i
*> 20.1.3.0/24      10.1.12.2                                200 i
*> 30.1.2.0/24      10.1.13.3                                300 i
*> 30.1.3.0/24      10.1.13.3                                300 i



Task 8

Ensure that R1 uses AS 200 to connect to networks in subnet 2 (20.1.2.0/24 and 30.1.2.0/24)
and AS 300 to connect to networks in subnet 3 (20.1.3.0/24 and 30.1.3.0/24). You
must use community tags in AS 200 and 300 and neighbor commands on R1 to
accomplish this task.



On R2

R2(config)#access-list 2 permit 20.1.2.0 0.0.0.255
R2(config)#access-list 3 permit 20.1.3.0 0.0.0.255

R2(config)#route-map TST permit 10
R2(config-route-map)#match ip addr 2
R2(config-route-map)#set community 2

R2(config)#route-map TST permit 20
R2(config-route-map)#match ip addr 3
R2(config-route-map)#set community 3

Note the above command "set community" tags the route/s identified in the access-list.

R2(config)#route-map TST permit 30

R2(config)#router bgp 200
R2(config-router)#neighbor 10.1.12.1 send-community






R2(config-router)#neighbor 10.1.12.1 route-map TST out

On R3

R3(config)#access-list 2 permit 30.1.2.0 0.0.0.255
R3(config)#access-list 3 permit 30.1.3.0 0.0.0.255

R3(config)#route-map TST permit 10
R3(config-route-map)#match ip addr 2
R3(config-route-map)#set community 2

R3(config)#route-map TST permit 20
R3(config-route-map)#match ip addr 3
R3(config-route-map)#set community 3

R3(config)#route-map TST permit 30

R3(config)#router bgp 300
R3(config-router)#neighbor 10.1.13.1 send-community
R3(config-router)#neighbor 10.1.13.1 route-map TST out

Note R1 can display the routes via their assigned community tags:

On R1

R1#Show ip bgp community 2
BGP table version is 18, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.2.0/24      10.1.12.2                                200 i
*> 30.1.2.0/24      10.1.13.3                                300 i

Note these are the routes that R2 and R3 tagged using community 2.

R1#Show ip bgp community 3
BGP table version is 18, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,






              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.1.3.0/24      10.1.12.2                                200 i
*> 30.1.3.0/24      10.1.13.3                                300 i

Note these are the routes that R2 and R3 tagged using community 3.

On R1

R1(config)#ip community-list standard TST2 permit 2
R1(config)#ip community-list standard TST3 permit 3

R1 is identifying the community tags using a community-list. This is like writing an
access-list to identify a given route/s.

R1(config)#route-map TEST permit 10
R1(config-route-map)#match community TST2
R1(config-route-map)#set ip next-hop 10.1.12.2

R1(config)#route-map TEST permit 20
R1(config-route-map)#match community TST3
R1(config-route-map)#set ip next-hop 10.1.13.3

R1(config)#route-map TEST permit 30

The communities are matched and the policy is assigned.

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 route-map TEST in
R1(config-router)#neighbor 10.1.13.3 route-map TEST in

The policies are applied to the neighbors using the "neighbor route-map"
commands.
Do not try to test reachability to the network through the newly assigned next hop
IP addresses; the purpose of this lab is to understand the scope of the community
attributes and its uses. To verify this lab enter "Show ip bgp" to see the next hop
attribute.

R1#Show ip bgp
BGP table version is 6, local router ID is 1.1.1.1






Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*> 20.1.2.0/24      10.1.12.2                0               200 i
*> 20.1.3.0/24      10.1.13.3                                200 i
*> 30.1.2.0/24      10.1.12.2                0               300 i
*> 30.1.3.0/24      10.1.13.3                                300 i
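How R1's inbound route-map TEST arrives at those next hops can be traced with a short evaluator. This is an added example, not code from the workbook: apply_route_map and the data layout are hypothetical, the four tagged updates follow Task 8, and the untagged 192.0.2.0/24 update is constructed to exercise the catch-all sequence 30.

```python
from dataclasses import dataclass


@dataclass
class Clause:
    seq: int
    action: str                      # "permit" or "deny"
    match_community_list: str = ""   # "" means no match statement: every route matches
    set_next_hop: str = ""           # "" means no set statement


# ip community-list standard TST2 permit 2 / TST3 permit 3
COMMUNITY_LISTS = {"TST2": {2}, "TST3": {3}}

# route-map TEST as configured on R1
ROUTE_MAP_TEST = [
    Clause(10, "permit", "TST2", "10.1.12.2"),
    Clause(20, "permit", "TST3", "10.1.13.3"),
    Clause(30, "permit"),
]

# Updates as they reach R1, before the inbound policy runs.
UPDATES = [
    {"prefix": "20.1.2.0/24", "next_hop": "10.1.12.2", "communities": {2}},
    {"prefix": "20.1.3.0/24", "next_hop": "10.1.12.2", "communities": {3}},
    {"prefix": "30.1.2.0/24", "next_hop": "10.1.13.3", "communities": {2}},
    {"prefix": "30.1.3.0/24", "next_hop": "10.1.13.3", "communities": {3}},
    {"prefix": "192.0.2.0/24", "next_hop": "10.1.13.3", "communities": set()},  # constructed
]


def apply_route_map(clauses, route):
    """Return the route after policy, or None if it is filtered."""
    for clause in sorted(clauses, key=lambda c: c.seq):
        if clause.match_community_list:
            wanted = COMMUNITY_LISTS.get(clause.match_community_list)
            # A standard community-list entry matches when the route carries
            # every community named in it.
            if not wanted or not wanted <= route["communities"]:
                continue
        if clause.action == "deny":
            return None
        result = dict(route)
        if clause.set_next_hop:
            result["next_hop"] = clause.set_next_hop
        return result                # first matching sequence wins
    return None                      # implicit deny at the end of every route-map


def next_hops(clauses):
    """Map each accepted prefix to its next hop after the inbound policy."""
    accepted = {}
    for update in UPDATES:
        result = apply_route_map(clauses, update)
        if result is not None:
            accepted[result["prefix"]] = result["next_hop"]
    return accepted


if __name__ == "__main__":
    for prefix, hop in next_hops(ROUTE_MAP_TEST).items():
        print(prefix, "->", hop)
```

Dropping sequence 30 from the list shows why the empty permit clause is there: the untagged prefix then falls through to the implicit deny and never enters R1's table.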



Task 9 

Erase the startup config and reload the routers before proceeding to the next lab.






Lab 7 - BGP Cost Community

[Topology diagram; surviving labels: AS 100, AS 200]

Lab Setup:

> Configure R1 to be the hub and R2 and R3 to be the spokes; the frame-relay
routers should be configured in a point-to-point manner.

> RIPv2 should be used to provide NLRI for the links. The loopback0 interfaces of
R2, R3 and R4 should also be advertised in RIPv2 routing protocol.

> The F0/0 interface of R2, R3 and R4 should be configured in VLAN 234.






> Use the following IP addressing chart for IP addressing assignment

IP addressing:

Router  Interface / IP address
R1      S0/0.12 = 10.1.12.1/24
        S0/0.13 = 10.1.13.1/24
        Loopback0 = 1.1.1.1/8
        Loopback1 = 100.1.1.1/24
        Loopback2 = 200.1.1.1/24
R2      S0/0.21 = 10.1.12.2/24
        F0/0 = 10.1.234.2/24
        Loopback0 = 2.2.2.2/8
R3      S0/0.31 = 10.1.13.3/24
        F0/0 = 10.1.234.3/24
        Loopback0 = 3.3.3.3/8
R4      F0/0 = 10.1.234.4/24
        Loopback0 = 4.4.4.4/8

Task 1

Configure R1 in AS 100; this router should establish an EBGP peer session with R2 and
R3 in AS 200. R1 should advertise its Lo1 and Lo2 interfaces in BGP. All BGP routers
should use their loopback interface as their router-id.

On R1

R1(config)#router bgp 100
R1(config-router)#bgp router-id 1.1.1.1
R1(config-router)#no auto-summary
R1(config-router)#neigh 10.1.12.2 remote-as 200
R1(config-router)#neigh 10.1.13.3 remote-as 200

Note in BGP if the auto summary is disabled, then a subnetted network should be
advertised using the mask keyword followed by the correct mask.






R1(config-router)#network 100.1.1.0 mask 255.255.255.0
R1(config-router)#network 200.1.1.0

On R2

R2(config)#router bgp 200
R2(config-router)#bgp router-id 2.2.2.2
R2(config-router)#no auto-summary
R2(config-router)#neighbor 10.1.12.1 remote-as 100

On R3

R3(config)#router bgp 200
R3(config-router)#bgp router-id 3.3.3.3
R3(config-router)#no auto-summary
R3(config-router)#neighbor 10.1.13.1 remote-as 100

To verify the configuration:

On R1

R1#Show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 3, main routing table version 3
2 network entries using 234 bytes of memory
2 path entries using 104 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 586 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.12.2       4   200       4       5        3           00:01:34
10.1.13.3       4   200       4       5        3           00:00:20

R1#Show ip bgp
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale






Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.1.0/24     0.0.0.0                            32768 i
*> 200.1.1.0        0.0.0.0                            32768 i

On R2

R2#Show ip bgp
BGP table version is 3, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.1.0/24     10.1.12.1                                100 i
*> 200.1.1.0        10.1.12.1                                100 i

On R3

R3#Show ip bgp
BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.1.0/24     10.1.13.1                                100 i
*> 200.1.1.0        10.1.13.1                                100 i

Task 2

Configure an IBGP peer session between R2, R3 and R4; these routers should establish
their peer session based on their Loopback interface.

On R2

R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 remote-as 200
















R2(config-router)#neighbor 3.3.3.3 update-source lo0
R2(config-router)#neighbor 4.4.4.4 remote-as 200
R2(config-router)#neighbor 4.4.4.4 update-source lo0

On R3

R3(config)#router bgp 200
R3(config-router)#neighbor 2.2.2.2 remote-as 200
R3(config-router)#neighbor 2.2.2.2 update-source lo0
R3(config-router)#neighbor 4.4.4.4 remote-as 200
R3(config-router)#neighbor 4.4.4.4 update-source lo0

On R4

R4(config)#router bgp 200
R4(config-router)#no auto-summary
R4(config-router)#bgp router-id 4.4.4.4
R4(config-router)#neighbor 2.2.2.2 remote-as 200
R4(config-router)#neighbor 2.2.2.2 update-source lo0
R4(config-router)#neighbor 3.3.3.3 remote-as 200
R4(config-router)#neighbor 3.3.3.3 update-source lo0

To verify the configuration:

On R2

R2#Show ip bgp summ
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 3, main routing table version 3
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4   200       7       7        3           00:02:44        2
4.4.4.4         4   200       5       6        3           00:01:27
10.1.12.1       4   100      31      30        3           00:27:38        2

On R3

R3#Show ip bgp summ
BGP router identifier 3.3.3.3, local AS number 200









BGP tabic version is 3, main routing tabic version 3 

2 network entries using 234 bytes of memory 

4 path entries using 208 bytes of memory 

3/1 BGP path bestpath attribute entries using 372 bytcsof memory 

I BGP AS- PATH entries using 24 bytes of memory 

BGP route-map cache entries using bytes of memory 

BGP filter-list caehc entries using bytes of memory 

BGP using 838 total bytes of memory 

BGP activity Z'O prefixes, 4/0 paths, scan interval 60 sees 



Neighbor 
22.2.2 
4.4.4.4 
10.1.13.1 



On R4 



V AS MsgRcvd MsgSent TblVcr InQ OutQ Up Down State PlxRcd 

4 200 12 12 3 00:07:55 2 

4 200 9 10 3 00:05:59 

4 100 36 35 3 00:31:36 2 



R4#Show ip bgp summ

BGP router identifier 4.4.4.4, local AS number 200
BGP table version is 3, main routing table version 3
2 network entries using 234 bytes of memory
4 path entries using 208 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 714 total bytes of memory
BGP activity 2/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   200      15      14        3    0    0 00:10:40        2
3.3.3.3         4   200      15      14        3    0    0 00:10:01        2

Task 3

Configure R2 and R3 to produce the following output:

On R2

R2#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i100.1.1.0/24     3.3.3.3                       100        100 i
*>                  10.1.12.1                                100 i
* i200.1.1.0        3.3.3.3                       100        100 i
*>                  10.1.12.1                                100 i

On R3

R3#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i100.1.1.0/24     2.2.2.2                       100        100 i
*>                  10.1.13.1                                100 i
* i200.1.1.0        2.2.2.2                       100        100 i
*>                  10.1.13.1                                100 i

On R4

R4#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i100.1.1.0/24     3.3.3.3                       100        100 i
*>i                 2.2.2.2                       100        100 i
* i200.1.1.0        3.3.3.3                       100        100 i
*>i                 2.2.2.2                       100        100 i

On R2

R2(config)#router bgp 200
R2(config-router)#neighbor 3.3.3.3 next-hop-self
R2(config-router)#neighbor 4.4.4.4 next-hop-self

On R3

R3(config)#router bgp 200
R3(config-router)#neighbor 2.2.2.2 next-hop-self
R3(config-router)#neighbor 4.4.4.4 next-hop-self

To verify the configuration:

On R2

R2#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i100.1.1.0/24     3.3.3.3                       100        100 i
*>                  10.1.12.1                                100 i
* i200.1.1.0        3.3.3.3                       100      0 100 i
*>                  10.1.12.1                                100 i

On R3

R3#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i100.1.1.0/24     2.2.2.2                       100      0 100 i
*>                  10.1.13.1                              0 100 i
* i200.1.1.0        2.2.2.2                       100        100 i
*>                  10.1.13.1                              0 100 i

On R4

R4#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i100.1.1.0/24     3.3.3.3                       100        100 i
*>i                 2.2.2.2                       100      0 100 i
* i200.1.1.0        3.3.3.3                       100        100 i
*>i                 2.2.2.2                       100      0 100 i

Task 4

Configure R4 such that if a "Show ip bgp | b Network" command is entered, it matches
the output of the following:

On R4

R4#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
*>i100.1.1.0/24     3.3.3.3                       100        100 i
* i                 2.2.2.2                       100      0 100 i
* i200.1.1.0        3.3.3.3                       100      0 100 i
*>i                 2.2.2.2                       100        100 i

In this scenario, the cost extended community attribute is used.

> Cost is an extended community attribute

> It's a Non-Transitive extended community attribute that allows you to
customize the local route preference which can influence the best path
selection process

> This attribute is applied by configuring the "Set extcommunity cost"
command, using a route-map. This command is configured with a cost
community id (0-255) and a cost value (0-4.29 Billion) with a default cost
value of 2.145 Billion. The lower value has more preference, but the lower
cost community id value is used as the tie breaker.

On R4

The following identifies the prefix:

R4(config)#access-list 1 permit 100.1.1.0 0.0.0.255

A route-map matches the access-list and applies the extcommunity cost attribute
with two numbers, the first number is the community id and the second number is
the community value.

R4(config)#Route-map TST permit 10
R4(config-route-map)#match ip address 1
R4(config-route-map)#Set extcommunity cost 1 1

R4(config-route-map)#route-map TST per 20

Lastly, it's applied by the neighbor command:

R4(config-route-map)#router bgp 200
R4(config-router)#neighbor 3.3.3.3 route-map TST in

Task 5 

Erase the startup configuration and reload the routers before proceeding to the next lab. 



Lab 8 - BGP & Load Balancing-I

[Figure: topology diagram showing AS 100 and AS 200 connected by networks 10.1.1.0/24 and 10.2.2.0/24, with Lo0 interfaces]

Lab Setup:

> Configure F0/0 interface of R1 and R2 in VLAN 100
> Configure F0/1 interface of R1 and R2 in VLAN 200
> Use the IP addressing chart for IP address assignment

IP addressing:

Router   Interface / IP address
R1       F0/0 = 10.1.1.1 /24
         F0/1 = 10.2.2.1 /24
         Loopback0 = 1.1.1.1 /8
R2       F0/0 = 10.1.1.2 /24
         F0/1 = 10.2.2.2 /24
         Loopback0 = 2.2.2.2 /8

Task 1

Configure an EBGP peer session between R1 and R2 and ensure that these routers perform
load balancing using the two links. Use an IGP of your choice.

In this topology, since the routers are directly connected, the load balancing can be
performed if the EBGP peer session is established based on the loopback interface of
the routers; up to 6 equal cost paths can be used. RIPv2 was chosen as the IGP.

On R1

R1(config)#router bgp 100
R1(config-router)#no auto-summary
R1(config-router)#neighbor 2.2.2.2 remote-as 200
R1(config-router)#neighbor 2.2.2.2 ebgp-multihop 2
R1(config-router)#neighbor 2.2.2.2 update-source lo0

R1(config)#router rip
R1(config-router)#no auto-summary
R1(config-router)#ver 2
R1(config-router)#network 10.0.0.0
R1(config-router)#network 1.0.0.0

On R2

R2(config)#router bgp 200
R2(config-router)#no auto-summary
R2(config-router)#neighbor 1.1.1.1 remote-as 100
R2(config-router)#neighbor 1.1.1.1 update-source lo0
R2(config-router)#neighbor 1.1.1.1 ebgp-multihop 2

R2(config)#router rip
R2(config-router)#no auto-summary
R2(config-router)#ver 2
R2(config-router)#network 10.0.0.0
R2(config-router)#network 2.0.0.0

To verify the configuration:

On R1

R1#Sh ip bgp summ

BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   200       7       8        1    0    0 00:01:07        0

On R1

R1#Show ip route rip

R    2.0.0.0/8 [120/1] via 10.2.2.2, 00:00:03, FastEthernet0/1
               [120/1] via 10.1.1.2, 00:00:27, FastEthernet0/0

On R2

R2#Show ip route rip

R    1.0.0.0/8 [120/1] via 10.2.2.1, 00:00:19, FastEthernet0/1
               [120/1] via 10.1.1.1, 00:00:03, FastEthernet0/0

To test the configuration:

On R1

R1#Traceroute 2.2.2.2

Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 10.2.2.2 4 msec
    10.1.1.2 4 msec *

On R2

R2#Traceroute 1.1.1.1

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 10.2.2.1 msec
    10.1.1.1 msec *

Task 2 

Erase the startup configuration and reload the routers before proceeding to the next lab. 



Lab 9 - BGP & Load Balancing-II

[Figure: topology diagram showing AS 100, AS 200 and network 10.1.23.0/24]

Lab Setup:

> Configure R1 as the hub and R2 and R3 as the spokes, all frame-relay links
should be configured in a point-to-point manner.

> Configure F0/0 interface of R2 and R3 in VLAN 23.

> Use the IP addressing chart for IP addressing assignment.

IP addressing:

Router   Interface / IP address
R1       S0/0.12 = 10.1.12.1 /24
         S0/0.13 = 10.1.13.1 /24
         Loopback0 = 1.1.1.1 /8
R2       S0/0.21 = 10.1.12.2 /24
         F0/0 = 10.1.23.2 /24
R3       S0/0.31 = 10.1.13.3 /24
         F0/0 = 10.1.23.3 /24
         Loopback0 = 3.3.3.3 /8

Task 1

Configure R1 in AS 100 to establish EBGP peer sessions with R2 and R3 in AS 200. R2
and R3 should advertise network 10.1.23.0 /24 in BGP.

On R1

R1(config-router)#router bgp 100
R1(config-router)#no auto-summary
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#neighbor 10.1.13.3 remote-as 200

On R2

R2(config)#router bgp 200
R2(config-router)#no auto-summary
R2(config-router)#Network 10.1.23.0 mask 255.255.255.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.23.3 remote-as 200

On R3

R3(config)#router bgp 200
R3(config-router)#no auto-summary
R3(config-router)#network 10.1.23.0 mask 255.255.255.0
R3(config-router)#neighbor 10.1.13.1 remote-as 100
R3(config-router)#neighbor 10.1.23.2 remote-as 200

To verify the configuration:

On R1

R1#Sh ip bgp

BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  10.1.23.0/24     10.1.12.2                                200 i
*>                  10.1.13.3                                200 i

R1#Show ip route | b Gateway

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.13.0 is directly connected, Serial0/0.13
C       10.1.12.0 is directly connected, Serial0/0.12
B       10.1.23.0 [20/0] via 10.1.13.3, 00:03:32

Task 2

Configure R1 such that it uses both neighbors (R2 and R3) to perform an equal cost load
balancing.

Note BGP will ONLY use one path to a given destination; therefore, it does not
perform load balancing amongst multiple equal cost paths. The "maximum-paths"
command can be configured to change this behavior.

On R1

R1(config)#router bgp 100
R1(config-router)#maximum-paths 2

To verify the configuration:

On R1

R1#Show ip bgp

BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.23.0/24     10.1.12.2                                200 i
*                   10.1.13.3                                200 i

R1#Show ip route | b Gateway

Gateway of last resort is not set

C    1.0.0.0/8 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.13.0 is directly connected, Serial0/0.13
C       10.1.12.0 is directly connected, Serial0/0.12
B       10.1.23.0 [20/0] via 10.1.13.3, 00:00:18
                  [20/0] via 10.1.12.2, 00:00:18

Note R1 is performing equal cost load balancing across the two links.

Task 3 

Erase the startup configuration and reload the routers before proceeding to the next lab. 



Lab 10 - BGP Unequal-Cost Load Balancing 



[Figure: topology diagram showing AS 100 (network 10.1.1.0/24) and AS 200]

Lab Setup:

> The F0/0 interface of R1, R2, R3 and R4 should be configured in VLAN 100.

> Configure the frame-relay connections in a point-to-point manner.

> Use the IP addressing chart below for IP address assignment.

IP addressing:

Router   Interface / IP address     VLAN
R1       F0/0 = 10.1.1.1 /24        100
R2       F0/0 = 10.1.1.2 /24        100
         S0/0.25 = 10.1.25.2 /24
R3       S0/0.35 = 10.1.35.3 /24
         F0/0 = 10.1.1.3 /24        100
R4       F0/0 = 10.1.1.4 /24        100
         S0/0.45 = 10.1.45.4 /24
R5       S0/0.54 = 10.1.45.5 /24
         S0/0.53 = 10.1.35.5 /24
         S0/0.52 = 10.1.25.5 /24
         Lo0 = 5.5.5.5 /8

Task 1

Configure peering according to the diagram.

On R1

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.1.2 remote 100
R1(config-router)#neighbor 10.1.1.3 remote 100
R1(config-router)#neighbor 10.1.1.4 remote 100

On R2

R2(config)#router bgp 100
R2(config-router)#no au
R2(config-router)#neighbor 10.1.1.1 remote 100
R2(config-router)#neighbor 10.1.1.3 remote 100
R2(config-router)#neighbor 10.1.1.4 remote 100
R2(config-router)#neighbor 10.1.25.5 remote 200

On R3

R3(config)#router bgp 100
R3(config-router)#no au
R3(config-router)#neighbor 10.1.1.1 remote 100
R3(config-router)#neighbor 10.1.1.2 remote 100
R3(config-router)#neighbor 10.1.1.4 remote 100
R3(config-router)#neighbor 10.Li<5 % remote WQ
R3(config-router)#neighbor 10.1.35.5 remote 200

On R4

R4(config)#router bgp 100
R4(config-router)#no au
R4(config-router)#neighbor 10.1.1.1 remote 100
R4(config-router)#neighbor 10.1.1.2 remote 100
R4(config-router)#neighbor 10.1.1.3 remote 100
R4(config-router)#neighbor 10.1.45.5 remote 200

On R5

R5(config)#router bgp 200
R5(config-router)#no au
R5(config-router)#neighbor 10.1.25.2 remote 100
R5(config-router)#neighbor 10.1.35.3 remote 100
R5(config-router)#neighbor 10.1.45.4 remote 100
R5(config-router)#network 5.0.0.0

To verify the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i5.0.0.0          10.1.25.5                     100        200 i
* i                 10.1.35.5                     100        200 i

Task 2

Configure the border routers to change the next hop IP address to an internal IP address.

On R2, R3 and R4

R2(config)#router bgp 100
R2(config-router)#neighbor 10.1.1.1 next-hop-self

To verify the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
*>i5.0.0.0          10.1.1.2                      100        200 i
* i                 10.1.1.3                      100        200 i

Task 3

Configure the routers in AS 100 such that R1 distributes traffic proportionally over the
external links to reach prefix 5.0.0.0 /8, the load balancing should be done based on the
bandwidth of the links between the border routers of this AS and AS 200.

The unequal cost load balancing feature is used in conjunction with BGP multipath
feature to advertise the exit link's bandwidth as an extended community to IBGP
peers, this feature is used for links between directly connected EBGP neighbors and
available in IOS release 12.2(2)T or better.

To configure this feature, the following steps should be performed:

1. Enable the BGP dmzlink-bw feature:

This is accomplished by configuring the "BGP dmzlink-bw" router
configuration command, this must be configured on the border routers and
the internal routers

2. Configure BGP to include the link bandwidth value of the external interface
in extended community so they can be propagated to IBGP peers. This is
accomplished through the "Neighbor dmzlink-bw" router configuration
mode command.

Remember, for this feature to work, R1 must have an equal IGP cost and BGP
attributes or else the feature will NOT work. Note the bandwidth of the links
connecting the border routers R2, R3 and R4 to AS 200 is set to 64K, 128K and
192K respectively.

On R1

R1#Show ip bgp 5.0.0.0

BGP routing table entry for 5.0.0.0/8, version 2
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  200
    10.1.1.3 from 10.1.1.3 (10.1.35.3)
      Origin IGP, metric 0, localpref 100, valid, internal
  200
    10.1.1.2 from 10.1.1.2 (10.1.25.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best

R1#Show ip route 5.0.0.0

Routing entry for 5.0.0.0/8
  Known via "bgp 100", distance 200, metric 0
  Tag 200, type internal
  Last update from 10.1.1.2 00:00:30 ago
  Routing Descriptor Blocks:
  * 10.1.1.2, from 10.1.1.2, 00:00:30 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 200

Note BGP table identifies ONLY one of the routes as the best, in this case since all
the attributes are equal, and the "BGP Bestpath compare-routerid" command is
NOT configured, the neighbor with the lowest IP address was chosen.

To configure the task:

On R1

The following allows the local router to have three equal IBGP cost paths:

R1(config)#Router bgp 100
R1(config-router)#maximum-path ibgp 3

On R2, R3 and R4

Rx(config)#router bgp 100
Rx(config-router)#neighbor 10.1.1.1 send-community extended
Rx(config-router)#bgp dmzlink-bw

On R2

R2(config)#router bgp 100
R2(config-router)#neighbor 10.1.25.5 dmzlink-bw

On R3

R3(config)#router bgp 100
R3(config-router)#neighbor 10.1.35.5 dmzlink-bw

On R4

R4(config)#router bgp 100
R4(config-router)#neighbor 10.1.45.5 dmzlink-bw

To verify the configuration:

On R1

R1#Show ip bgp 5.0.0.0

BGP routing table entry for 5.0.0.0/8, version 2
Paths: (3 available, best #2, table Default-IP-Routing-Table)
Multipath: iBGP
Flag: 0x820
  Not advertised to any peer
  200
    10.1.1.2 from 10.1.1.2 (10.1.25.2)
      Origin IGP, metric 0, localpref 100, valid, internal, multipath
      DMZ-LinkBw 8 kbytes
  200
    10.1.1.4 from 10.1.1.4 (10.1.1.4)
      Origin IGP, metric 0, localpref 100, valid, internal, multipath, best
      DMZ-LinkBw 24 kbytes
  200
    10.1.1.3 from 10.1.1.3 (10.1.35.3)
      Origin IGP, metric 0, localpref 100, valid, internal, multipath
      DMZ-LinkBw 16 kbytes

R1#Show ip route 5.0.0.0

Routing entry for 5.0.0.0/8
  Known via "bgp 100", distance 200, metric 0
  Tag 200, type internal
  Last update from 10.1.1.3 00:04:46 ago
  Routing Descriptor Blocks:
    10.1.1.4, from 10.1.1.4, 00:04:46 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 200
    10.1.1.3, from 10.1.1.3, 00:04:46 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 200
  * 10.1.1.2, from 10.1.1.2, 00:04:46 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 200

Note the traffic count is 1, in order to have the BGP table reflect on this counter, the
"BGP dmzlink-bw" must be configured, as follows:

On R1

R1(config)#router bgp 100
R1(config-router)#bgp dmzlink-bw

To verify the configuration:

On R1

R1#Show ip route 5.0.0.0

Routing entry for 5.0.0.0/8
  Known via "bgp 100", distance 200, metric 0
  Tag 200, type internal
  Last update from 10.1.1.3 00:00:40 ago
  Routing Descriptor Blocks:
    10.1.1.4, from 10.1.1.4, 00:00:40 ago
      Route metric is 0, traffic share count is 2
      AS Hops 1
      Route tag 200
    10.1.1.3, from 10.1.1.3, 00:00:40 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 200
  * 10.1.1.2, from 10.1.1.2, 00:07:53 ago
      Route metric is 0, traffic share count is 24
      AS Hops 1
      Route tag 200

Note the feature does not work unless it is enabled.

Task 4

Erase the startup configuration on all routers before proceeding to the next lab.

Lab 11 - Local-Preference-I

[Figure: topology diagram showing AS 100 and AS 200]

Lab Setup:

> Configure the routers that are connected to the frame-relay clouds in a point-to-
point manner.

> R1 and R4's F0/0 interface should be configured in VLAN 14.

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> Use the following IP addressing chart for IP address assignment.

IP addressing:

Router   Interface   IP Address       AS number
R1       Lo0         1.1.1.1 /8       100
         Lo1         11.1.1.1 /8
         S0/0.12     10.1.12.1 /24
         F0/0        10.1.14.1 /24
R2       Lo0         2.2.2.2 /8       200
         S0/0.21     10.1.12.2 /24
         F0/0        10.1.23.2 /24
R3       Lo0         3.3.3.3 /8       200
         F0/0        10.1.23.3 /24
         S0/0.34     10.1.34.3 /24
R4       Lo0         4.4.4.4 /8       200
         F0/0        10.1.14.4 /24
         S0/0.43     10.1.34.4 /24

Task 1

Configure routers R2, R3 and R4 in AS 200, these routers should have full mesh peer
session between them. Routers R2 and router R4 should have EBGP peer session to R1 in
AS 100. BGP routers should ONLY advertise their loopback interfaces in BGP. Provide
NLRI for the links using RIPv2, disable automatic summarization.

On R1

R1(config)#router bgp 100
R1(config-router)#no au
R1(config-router)#neighbor 10.1.14.4 remote-as 200
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#netw 11.0.0.0
R1(config-router)#netw 1.0.0.0

R1(config-router)#router rip
R1(config-router)#no au
R1(config-router)#ver 2
R1(config-router)#network 10.0.0.0

On R2

R2(config)#router bgp 200
R2(config-router)#no au
R2(config-router)#no syn
R2(config-router)#netw 2.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.23.3 remote-as 200
R2(config-router)#neighbor 10.1.34.4 remote-as 200

R2(config)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#netw 10.0.0.0

On R3

R3(config)#router bgp 200
R3(config-router)#no au
R3(config-router)#no syn
R3(config-router)#netw 3.0.0.0
R3(config-router)#neighbor 10.1.34.4 remote-as 200
R3(config-router)#neighbor 10.1.23.2 remote-as 200

R3(config-router)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#netw 10.0.0.0

On R4

R4(config)#router bgp 200
R4(config-router)#no syn
R4(config-router)#no au
R4(config-router)#netw 4.0.0.0
R4(config-router)#neighbor 10.1.34.3 remote-as 200
R4(config-router)#neighbor 10.1.23.2 remote-as 200
R4(config-router)#neighbor 10.1.14.1 remote-as 100

R4(config)#router rip
R4(config-router)#no au
R4(config-router)#ver 2
R4(config-router)#netw 10.0.0.0

Task 2

Ensure that the routers in AS 200 use R4 to reach network 1.0.0.0 /8 in AS 100. Local-
Pref attribute must be used to accomplish this task.

Before this attribute is configured, the existing BGP table of the routers in AS 200
should be examined, as follows:

On R1

R1#Sh ip bgp

BGP table version is 6, local router ID is 11.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                            32768 i
*  2.0.0.0          10.1.14.4                                200 i
*>                  10.1.12.2                                200 i
*  3.0.0.0          10.1.12.2                                200 i
*>                  10.1.14.4                                200 i
*  4.0.0.0          10.1.12.2                                200 i
*>                  10.1.14.4                                200 i
*> 11.0.0.0         0.0.0.0                            32768 i

On R2

R2#Sh ip bgp

BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          10.1.14.1                     100        100 i
*>                  10.1.12.1                0               100 i
*> 2.0.0.0          0.0.0.0                            32768 i
*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100      0 100 i
*>                  10.1.12.1                                100 i

On R3

R3#Sh ip bgp

BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          10.1.14.1                     100      0 100 i
*>i                 10.1.12.1                     100      0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                            32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100      0 100 i
*>i                 10.1.12.1                     100      0 100 i

On R4

R4#Sh ip bgp

BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          10.1.12.1                     100      0 100 i
*>                  10.1.14.1                              0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                            32768 i
* i11.0.0.0         10.1.12.1                     100      0 100 i
*>                  10.1.14.1                              0 100 i

Note Routers R2 and R3 are taking the R2-R1 link to connect to network 1.0.0.0 /8.

On R4

R4(config)#access-list 1 permit 1.0.0.0 0.255.255.255

R4(config)#route-map TST permit 10
R4(config-route-map)#match ip addr 1
R4(config-route-map)#set Local-preference 400

R4(config)#route-map TST permit 20

R4(config-route-map)#router bgp 200
R4(config-router)#neighbor 10.1.14.1 route-map TST in

The local preference attribute is used to prefer an exit point from the local AS.
Unlike the weight attribute, the local preference attribute is propagated throughout
the local AS. If there are multiple exit points from the local AS, the local preference
attribute is used to select the exit point for a specific or all routes. Since the local
preference attribute affects the routers within the AS, the route-map should be
configured in the "in" direction. Remember that with local preference the higher
value has better preference.
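
The effect of the inbound route-map on R4, as an added example that is not part of the workbook: a simplified Python model of the first best-path steps, run on R2's two paths to a prefix from AS 100 with and without the TST policy on R4. All function and class names are hypothetical, and only weight, local preference, AS-path length and eBGP-over-iBGP are modelled (lowest next hop is a stand-in tie-breaker).

```python
"""Simplified model of how local preference moves R2's exit point in this lab.

Added illustration, not IOS code. Addresses, the ACL and the route-map values
are the ones shown in the lab; every name below is hypothetical.
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network
from typing import List, Tuple

DEFAULT_LOCAL_PREF = 100  # value seen in the LocPrf column of the lab output


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    as_path: Tuple[int, ...]
    local_pref: int = DEFAULT_LOCAL_PREF
    weight: int = 0
    ibgp: bool = False


def acl_permits(address: str, wildcard: str, prefix: str) -> bool:
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    net = int(IPv4Network(prefix).network_address)
    return (net & care) == (int(IPv4Address(address)) & care)


def route_map_tst_in(path: Path) -> Path:
    """route-map TST on R4, applied inbound on the session to 10.1.14.1.

    permit 10: match access-list 1 (1.0.0.0 0.255.255.255), set local-preference 400
    permit 20: no match clause, so every other prefix passes unchanged
    """
    if acl_permits("1.0.0.0", "0.255.255.255", path.prefix):
        return replace(path, local_pref=400)
    return path


def best_path(paths: List[Path]) -> Path:
    """Highest weight, highest local-pref, shortest AS path, eBGP over iBGP."""
    return min(
        paths,
        key=lambda p: (-p.weight, -p.local_pref, len(p.as_path), p.ibgp,
                       int(IPv4Address(p.next_hop))),
    )


def r2_view(prefix: str, r4_policy: bool) -> Path:
    """Best path on R2 for a prefix originated by R1 in AS 100."""
    # R4 learns the prefix over eBGP from 10.1.14.1 and may apply TST inbound.
    on_r4 = Path(prefix, "10.1.14.1", (100,))
    if r4_policy:
        on_r4 = route_map_tst_in(on_r4)
    # Local preference is carried in iBGP updates, so R2 sees R4's value.
    via_r4 = replace(on_r4, ibgp=True)
    # R2's own eBGP path from R1 keeps the default local preference.
    via_r1 = Path(prefix, "10.1.12.1", (100,))
    return best_path([via_r4, via_r1])


if __name__ == "__main__":
    for prefix in ("1.0.0.0/8", "11.0.0.0/8"):
        for policy in (False, True):
            best = r2_view(prefix, policy)
            print(f"{prefix:<11} policy={policy!s:<5} "
                  f"best next hop {best.next_hop} (LocPrf {best.local_pref})")
```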

To verify the configuration:

On R2

R2#Sh ip bgp

BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                0    400        100 i
*                   10.1.12.1                                100 i
*> 2.0.0.0          0.0.0.0                            32768 i
*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>                  10.1.12.1                                100 i

On R3

R3#Sh ip bgp

BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     400      0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                            32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>i                 10.1.12.1                     100        100 i

On R4

R4#Sh ip bgp

BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                     400      0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                            32768 i
*> 11.0.0.0         10.1.14.1                              0 100 i
* i                 10.1.12.1                     100      0 100 i

Note the routers in AS 200 take the R4-R1 link to connect to network 1.0.0.0 /8.

Task 3

Ensure that the routers in AS 200 use R2 to reach network 11.0.0.0 /8. Local-Pref
attribute must be used to accomplish this task.

Before this attribute is configured, the existing BGP table of the routers in AS 200
should be examined, as follows:

On R2 








R2*Sh ip bgp 








BGP table version is 9, local router ID is 2 22.2 








Status codes: s suppressed, d damped, h history. * valid. > best, i - internal, 





















              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     400      0 100 i
*                   10.1.12.1                              0 100 i
*> 2.0.0.0          0.0.0.0                             32768 i
*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>                  10.1.12.1                              0 100 i

On R3

R3#Sh ip bgp

BGP table version is 10, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     400      0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                             32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>i                 10.1.12.1                     100      0 100 i

On R4

R4#Sh ip bgp

BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                     400        100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                             32768 i
*> 11.0.0.0         10.1.14.1                                100 i











* i                 10.1.12.1                     100      0 100 i

Note router R4 is taking the R4-R1 link to connect to network 11.0.0.0.

On R2

R2(config)#access-list 11 permit 11.0.0.0 0.255.255.255
R2(config)#route-map TST permit 10
R2(config-route-map)#match ip addr 11
R2(config-route-map)#set local-preference 400
R2(config-route-map)#route-map TST permit 20
R2(config-route-map)#router bgp 200
R2(config-router)#neighbor 10.1.12.1 route-map TST in

To verify the configuration:

On R2

R2#Sh ip bgp

BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  1.0.0.0          10.1.12.1                                100 i
*>i                 10.1.14.1                     400        100 i
*> 2.0.0.0          0.0.0.0                             32768 i
*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
*> 11.0.0.0         10.1.12.1                     400        100 i

On R3

R3#Sh ip bgp

BGP table version is 14, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
















   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     400        100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                             32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
*>i11.0.0.0         10.1.12.1                     400        100 i

On R4

R4#Sh ip bgp

BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                     400        100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                             32768 i
*>i11.0.0.0         10.1.12.1                     400        100 i
*                   10.1.14.1                              0 100 i

Note the routers in AS 200 connect to network 11.0.0.0/8 by going through the R2-R1 link.

Task 4

Erase the startup config and reload the routers before proceeding to the next lab.







Lab 12 - BGP Local-Preference - II 



[Figure: Lab 12 topology. Labels recovered: AS 100, 10.1.1.0/24, AS 200.]






Lab Setup:

> The F0/0 interface of R1, R2, R3 and R4 should be configured in VLAN 100.

> Configure the frame-relay connections in a point-to-point manner.

> Use the IP addressing chart below for IP address assignment.

IP addressing:

Router   Interface / IP address      VLAN
R1       F0/0    = 10.1.1.1/24       100
R2       F0/0    = 10.1.1.2/24       100
         S0/0.25 = 10.1.25.2/24
R3       S0/0.35 = 10.1.35.3/24      100
         F0/0    = 10.1.1.3/24
R4       F0/0    = 10.1.1.4/24       100
         S0/0.45 = 10.1.45.4/24
R5       S0/0.54 = 10.1.45.5/24
         S0/0.53 = 10.1.35.5/24
         S0/0.52 = 10.1.25.5/24
         Lo0     = 5.5.5.5/8

Task 1

Configure peering according to the diagram.

On R1

R1(config)#router bgp 100
R1(config-router)#neighbor 10.1.1.2 remote 100
R1(config-router)#neighbor 10.1.1.3 remote 100
R1(config-router)#neighbor 10.1.1.4 remote 100

On R2

R2(config)#router bgp 100
R2(config-router)#no au





R2(config-router)#neighbor 10.1.1.1 remote 100
R2(config-router)#neighbor 10.1.1.3 remote 100
R2(config-router)#neighbor 10.1.1.4 remote 100
R2(config-router)#neighbor 10.1.25.5 remote 200

On R3

R3(config)#router bgp 100
R3(config-router)#no au
R3(config-router)#neighbor 10.1.1.1 remote 100
R3(config-router)#neighbor 10.1.1.2 remote 100
R3(config-router)#neighbor 10.1.1.4 remote 100
R3(config-router)#neighbor 10.1.35.5 remote 200
R3(config-router)#neighbor 10.1.35.5 remote 200

On R4

R4(config)#router bgp 100
R4(config-router)#no au
R4(config-router)#neighbor 10.1.1.1 remote 100
R4(config-router)#neighbor 10.1.1.2 remote 100
R4(config-router)#neighbor 10.1.1.3 remote 100
R4(config-router)#neighbor 10.1.45.5 remote 200

On R5

R5(config)#router bgp 200
R5(config-router)#no au
R5(config-router)#neighbor 10.1.25.2 remote 100
R5(config-router)#neighbor 10.1.35.3 remote 100
R5(config-router)#neighbor 10.1.45.4 remote 100
R5(config-router)#network 5.0.0.0

To verify the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i5.0.0.0          10.1.25.5                     100        200 i
* i                 10.1." *?                     100        200 i








Task 2

Configure the border routers to change the next hop to an internal IP address.

On R2, R3 and R4

R2(config)#router bgp 100
R2(config-router)#neighbor 10.1.1.1 next-hop-self

To verify the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i5.0.0.0          10.1.1.3                      100        200 i
*>i                 10.1.1.2                      100        200 i
* i                 10.1.1.4                      100        200 i

Task 3

Configure R2, R3 and R4 such that R1 takes R4 as the primary and R3 as the backup; if R4 and R3 are both down, then it should take R2 to reach network 5.0.0.0/8. You must use local preference to accomplish this task.

On R2

R2(config)#router bgp 100
R2(config-router)#bgp default local-preference 200
R2(config-router)#do cle ip bgp * out

On R3

R3(config)#router bgp 100
R3(config-router)#bgp default local-preference 300
R3(config-router)#do cle ip bgp * out

On R4







R4(config-router)#bgp default local-preference 400
R4(config-router)#do cle ip bgp * out

To verify the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
*>i5.0.0.0          10.1.1.4                      400        200

R1#Show ip bgp 5.0.0.0

BGP routing table entry for 5.0.0.0/8, version 6
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  200
    10.1.1.4 from 10.1.1.4 (10.1.45.4)
      Origin IGP, metric 0, localpref 400, valid, internal, best

To test the configuration:

On R1

R1#Traceroute 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 10.1.1.4 msec 4 msec msec
  2 10.1.45.5 32 msec * 28 msec

Task 4

Remove the configuration from the previous task and re-configure the same task using another method. DO NOT use neighbor 10.1.25.5, 10.1.35.5 or 10.1.45.5. You should use local preference to accomplish this task.






On R2

R2(config)#router bgp 100
R2(config-router)#NO bgp default local-preference 200
R2(config-router)#do cle ip bgp * out

On R3

R3(config)#router bgp 100
R3(config-router)#NO bgp default local-preference 300
R3(config-router)#do cle ip bgp * out

On R4

R4(config-router)#NO bgp default local-preference 400
R4(config-router)#do cle ip bgp * out

To verify the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i5.0.0.0          10.1.1.3                      100        200
*>i                 10.1.1.2                      100        200
* i                 10.1.1.4                      100        200

To configure the task:

On R2

R2(config)#route-map TST permit 10
R2(config-route-map)#set local-preference 200
R2(config-route-map)#route-map TST permit 20
R2(config)#Router bgp 100
R2(config-router)#neighbor 10.1.1.1 route-map TST OUT
R2(config-router)#do cle ip bgp * out

On R3

R3(config)#route-map TST permit 10
R3(config-route-map)#set local-preference 300






R3(config-route-map)#route-map TST permit 20
R3(config)#Router bgp 100
R3(config-router)#neighbor 10.1.1.1 route-map TST OUT
R3(config-router)#do cle ip bgp * out

On R4

R4(config)#route-map TST permit 10
R4(config-route-map)#set local-preference 400
R4(config-route-map)#route-map TST permit 20
R4(config)#Router bgp 100
R4(config-router)#neighbor 10.1.1.1 route-map TST OUT
R4(config-router)#do cle ip bgp * out

To test the configuration:

On R1

R1#Show ip bgp | b Network

   Network          Next Hop            Metric LocPrf Weight Path
* i5.0.0.0          10.1.1.3                      300      0 200 i
* i                 10.1.1.2                      200        200 i
*>i                 10.1.1.4                 0    400        200 i

R1#Traceroute 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 10.1.1.4 msec 4 msec msec
  2 10.1.45.5 28 msec * 28 msec

Task 5

Erase the startup configuration on all routers before proceeding to the next lab.






Lab 13 - The AS-Path Attribute 



[Figure: Lab 13 topology. Label recovered: AS 100.]

Lab Setup:

> Configure the routers that are connected to the frame-relay clouds in a point-to-point manner.

> R1 and R4's F0/0 interface should be configured in VLAN 14.

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> Use the following IP addressing chart for IP address assignment.






IP addressing:

Router   Interface   IP Address      AS number
R1       Lo0         1.1.1.1/8       100
         Lo1         11.1.1.1/8
         S0/0.12     10.1.12.1/24
         F0/0        10.1.14.1/24
R2       Lo0         2.2.2.2/8       200
         S0/0.21     10.1.12.2/24
         F0/0        10.1.23.2/24
R3       Lo0         3.3.3.3/8       200
         F0/0        10.1.23.3/24
         S0/0.34     10.1.34.3/24
R4       Lo0         4.4.4.4/8       200
         F0/0        10.1.14.4/24
         S0/0.43     10.1.34.4/24

Task 1

Configure routers R2, R3 and R4 in AS 200; these routers should have a full mesh peer session between them. Routers R2 and R4 should have an EBGP peer session to R1 in AS 100. BGP routers should ONLY advertise their loopback interface/s in BGP. Provide NLRI for the links using RIPv2; disable automatic summarization.

On R1

R1(config-if)#router bgp 100
R1(config-router)#no au
R1(config-router)#neighbor 10.1.14.4 remote-as 200
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#netw 11.0.0.0
R1(config-router)#netw 1.0.0.0
R1(config-router)#router rip
R1(config-router)#no au
R1(config-router)#ver 2
R1(config-router)#network 10.0.0.0

On R2

R2(config)#router bgp 200
R2(config-router)#no au





R2(config-router)#no syn
R2(config-router)#netw 2.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1 remote-as 200
R2(config-router)#neighbor 10.1.34.4 remote-as 200
R2(config)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#netw 10.0.0.0

On R3

R3(config)#router bgp 200
R3(config-router)#no au
R3(config-router)#no syn
R3(config-router)#netw 3.0.0.0
R3(config-router)#neighbor 10.1.34.4 remote-as 200
R3(config-router)#neighbor 10.1.23.2 remote-as 200
R3(config-router)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#netw 10.0.0.0

On R4

R4(config)#router bgp 200
R4(config-router)#no syn
R4(config-router)#no au
R4(config-router)#netw 4.0.0.0
R4(config-router)#neighbor 10.1.34.3 remote-as 200
R4(config-router)#neighbor 10.1.23.2 remote-as 200
R4(config-router)#neighbor 10.1.14.1 remote-as 100
R4(config)#router rip
R4(config-router)#no au
R4(config-router)#ver 2
R4(config-router)#netw 10.0.0.0












Task 2

Configure R1 in AS 100 such that routers in AS 200 use the link through R4-R1 to reach its network 1.0.0.0/8. Use the AS-Path attribute to accomplish this task.

Before this attribute is configured, the existing BGP table of the routers in AS 200 should be examined, as follows:

On R2

R2#Sh ip bgp

BGP table version is 6, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          10.1.14.1                     100        100 i
*>                  10.1.12.1                0               100 i
*> 2.0.0.0          0.0.0.0                             32768 i
*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>                  10.1.12.1                                100 i

On R3

R3#Sh ip bgp

BGP table version is 6, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
* i1.0.0.0          10.1.14.1                     100        100
*>i                 10.1.12.1                0    100        100
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                             32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100
*>i                 10.1.12.1                     100        100






On R4

R4#Sh ip bgp

BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                              0 100 i
* i                 10.1.12.1                     100        100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                             32768 i
*> 11.0.0.0         10.1.14.1                                100 i
* i                 10.1.12.1                     100        100 i

To configure R1 so the routers in AS 200 take the R4-R1 link to reach network 1.0.0.0/8:

On R1

R1(config)#access-list 1 permit 1.0.0.0 0.255.255.255
R1(config)#route-map TST1 permit 10
R1(config-route-map)#match ip addr 1
R1(config-route-map)#set as-path prepend 100 100 100 100
R1(config-route-map)#route-map TST1 permit 20
R1(config-route-map)#router bgp 100
R1(config-router)#neighbor 10.1.12.2 route-map TST1 out

To verify the configuration:

On R2

R2#Sh ip bgp

BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
















              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                0    100      0 100 i
*                   10.1.12.1                                100 100 100 100 100 i
*> 2.0.0.0          0.0.0.0                             32768 i
*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100      0 100 i
*>                  10.1.12.1                              0 100 i

On R3

R3#Sh ip bgp

BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     100      0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                             32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>i                 10.1.12.1                     100      0 100 i

On R4

R4#Sh ip bgp

BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                              0 100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                             32768 i
*> 11.0.0.0         10.1.14.1                              0 100 i











* i                 10.1.12.1                     100        100 i

Note the AS-path attribute is used to influence the degree of preference in another AS. R2, R3 and R4 will go through R4 to reach network 1.0.0.0/8.
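
The results in the local-preference labs and in this AS-path lab follow from the order in which IOS compares path attributes. The example below is added here and is not part of the workbook: the Path class and the function names are hypothetical, only the first comparison steps are modelled, and the weight value and the prepend-plus-local-preference case are constructed what-ifs that go one step beyond the lab tasks.

```python
"""Added illustration: the first steps of the Cisco IOS BGP best-path order,
replayed on paths taken from the lab tables (plus labelled what-ifs)."""
from dataclasses import dataclass, replace
from typing import List, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP beats EGP beats incomplete


@dataclass(frozen=True)
class Path:                      # hypothetical model, not an IOS structure
    next_hop: str
    as_path: Tuple[int, ...]
    ebgp: bool
    local_pref: int = 100        # IOS default when the attribute is not set
    weight: int = 0              # local to one router, never advertised
    med: int = 0
    origin: str = "i"


def compare(a: Path, b: Path) -> Tuple[Path, str]:
    """Return (winner, deciding step) for two paths to the same prefix.

    Locally originated routes are not modelled as a separate step: on IOS they
    carry weight 32768 and already win at the weight comparison.
    """
    steps = [
        ("weight", lambda p: -p.weight),               # highest wins
        ("local-pref", lambda p: -p.local_pref),       # highest wins
        ("as-path length", lambda p: len(p.as_path)),  # shortest wins
        ("origin", lambda p: ORIGIN_RANK[p.origin]),   # lowest rank wins
    ]
    for name, score in steps:
        if score(a) != score(b):
            return (a if score(a) < score(b) else b), name
    # MED is compared only when both paths enter from the same neighbouring AS.
    same_neighbour = bool(a.as_path) and a.as_path[:1] == b.as_path[:1]
    if same_neighbour and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    if a.ebgp != b.ebgp:
        return (a if a.ebgp else b), "ebgp-over-ibgp"
    return a, "tie (later steps not modelled)"


def best_path(paths: List[Path]) -> Tuple[Path, str]:
    """Fold compare() over the candidates; the step is from the last comparison."""
    best, step = paths[0], "only path"
    for cand in paths[1:]:
        best, step = compare(best, cand)
    return best, step


def lab13_task2_r2(weight_on_r1_path: int = 0) -> Tuple[Path, str]:
    """R2's two paths to 1.0.0.0/8 after R1 prepends toward 10.1.12.2.

    weight_on_r1_path is a constructed what-if: a weight configured on R2
    itself overrides whatever R1 does to the AS path.
    """
    via_r1 = Path("10.1.12.1", (100,) * 5, ebgp=True, weight=weight_on_r1_path)
    via_r4 = Path("10.1.14.1", (100,), ebgp=False)
    return best_path([via_r1, via_r4])


def lab11_task3_r4(prepended: bool = False) -> Tuple[Path, str]:
    """R4's paths to 11.0.0.0/8 once R2 sets local-preference 400 inbound.

    prepended=True is a constructed what-if: the path learned through R2 is
    also five ASNs long, yet local preference is compared first.
    """
    direct = Path("10.1.14.1", (100,), ebgp=True)
    via_r2 = Path("10.1.12.1", (100,), ebgp=False, local_pref=400)
    if prepended:
        via_r2 = replace(via_r2, as_path=(100,) * 5)
    return best_path([direct, via_r2])


if __name__ == "__main__":
    cases = [
        ("Lab 13 Task 2, R2 -> 1.0.0.0/8", lab13_task2_r2()),
        ("  what-if: weight 500 on R2", lab13_task2_r2(weight_on_r1_path=500)),
        ("Lab 11 Task 3, R4 -> 11.0.0.0/8", lab11_task3_r4()),
        ("  what-if: path via R2 prepended", lab11_task3_r4(prepended=True)),
    ]
    for label, (path, step) in cases:
        print(f"{label}: next hop {path.next_hop}, decided by {step}")
```

AS-path prepending only takes effect when weight and local preference are equal on the receiving router, which is why it is the tool for influencing another AS while weight and local preference steer traffic leaving your own.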



Task 3

Configure R1 in AS 100 such that the routers in AS 200 use the link through R2-R1 to reach network 11.0.0.0/8. Use the AS-Path attribute to accomplish this task.

Before this attribute is configured, the existing BGP table of the routers in AS 200 should be examined, as follows:

On R2

R2#Sh ip bgp

BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     100        100 i
*                   10.1.12.1                                100 100 100 100 100
*> 2.0.0.0          0.0.0.0                             32768 i
*>i3.0.0.0          10.1.23.3                0    100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>                  10.1.12.1                0               100 i

On R3

R3#Sh ip bgp

BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path






*>i1.0.0.0          10.1.14.1                     100        100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*> 3.0.0.0          0.0.0.0                             32768 i
*>i4.0.0.0          10.1.34.4                     100      0 i
* i11.0.0.0         10.1.14.1                     100        100 i
*>i                 10.1.12.1                     100        100 i

On R4

R4#Sh ip bgp

BGP table version is 6, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                                100 i
*>i2.0.0.0          10.1.23.2                     100      0 i
*>i3.0.0.0          10.1.34.3                     100        i
*> 4.0.0.0          0.0.0.0                             32768 i
*> 11.0.0.0         10.1.14.1                                100 i
* i                 10.1.12.1                     100        100 i

To configure the attribute on R1:

On R1

R1(config)#access-list 11 permit 11.0.0.0 0.255.255.255
R1(config)#route-map TST11 permit 10
R1(config-route-map)#match ip addr 11
R1(config-route-map)#set as-path prepend 100 100 100 100
R1(config-route-map)#route-map TST11 permit 20
R1(config-route-map)#router bgp 100
R1(config-router)#neighbor 10.1.14.4 route-map TST11 out

To verify the configuration:

On R4






R4#Show ip bgp

BGP table version is 28, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                              0 100 i
*>i2.0.0.0          10.1.23.2                     100        i
*>i3.0.0.0          10.1.34.3                     100      0 i
*> 4.0.0.0          0.0.0.0                             32768 i
*  11.0.0.0         10.1.14.1                0             0 100 100 100 100 100
*>i                 10.1.12.1                0    100        100 i

On R3

R3#Sh ip bgp

BGP table version is 13, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     100        100
*>i2.0.0.0          10.1.23.2                     100        i
*> 3.0.0.0          0.0.0.0                             32768 i
*>i4.0.0.0          10.1.34.4                     100        i
*>i11.0.0.0         10.1.12.1                     100        100

On R2

R2#Sh ip bgp

BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>i1.0.0.0          10.1.14.1                     100      0 100 i
*                   10.1.12.1                                100 100 100 100 100
*> 2.0.0.0          0.0.0.0                             32768 i






*>i3.0.0.0          10.1.23.3                     100      0 i
*>i4.0.0.0          10.1.34.4                     100      0 i
*> 11.0.0.0         10.1.12.1                                100 i

Note all the routers will take the R2-R1 link to connect to network 11.0.0.0/8.

Task 4

Erase the startup configuration and reload the routers before proceeding to the next lab.






Lab 14 - The Weight Attribute 



[Figure: Lab 14 topology. Labels recovered: AS 100, AS 200, AS 300, AS 400, 10.1.14.0/24, 10.1.23.0/24, F0/0.]

Lab Setup:

> Configure the routers that are connected to the frame-relay clouds in a point-to-point manner.

> R1 and R4's F0/0 interface should be configured in VLAN 14.

> R2 and R3's F0/0 interface should be configured in VLAN 23.

> Use the following IP addressing chart for IP address assignment.






IP addressing:

Router   Interface   IP Address      AS number
R1       Lo0         1.1.1.1/8       100
         Lo1         11.1.1.1/8
         S0/0.12     10.1.12.1/24
         F0/0        10.1.14.1/24
R2       Lo0         2.2.2.2/8       200
         Lo1         22.2.2.2/8
         S0/0.21     10.1.12.2/24
         F0/0        10.1.23.2/24
R3       Lo0         3.3.3.3/8       300
         Lo1         33.3.3.3/8
         F0/0        10.1.23.3/24
         S0/0.34     10.1.34.3/24
R4       Lo0         4.4.4.4/8       400
         F0/0        10.1.14.4/24
         S0/0.43     10.1.34.4/24

Task 1

Configure router R1 in AS 100 to establish EBGP peer sessions with R2 in AS 200 and R4 in AS 400.

Router R2 should establish EBGP peer sessions with R1 in AS 100 and R3 in AS 300.
Router R3 should establish EBGP peer sessions with R2 in AS 200 and R4 in AS 400.
Router R4 should establish EBGP peer sessions with R1 in AS 100 and R3 in AS 300.
The BGP routers should ONLY advertise their loopbacks in BGP. Provide NLRI for the links using RIPv2.

On R1

R1(config-if)#router bgp 100
R1(config-router)#no au
R1(config-router)#neighbor 10.1.14.4 remote-as 400
R1(config-router)#neighbor 10.1.12.2 remote-as 200
R1(config-router)#netw 11.0.0.0
R1(config-router)#netw 1.0.0.0
R1(config)#router rip
R1(config-router)#no au
R1(config-router)#ver 2
R1(config-router)#network 10.0.0.0






On R2

R2(config)#router bgp 200
R2(config-router)#no au
R2(config-router)#netw 2.0.0.0
R2(config-router)#netw 22.0.0.0
R2(config-router)#neighbor 10.1.12.1 remote-as 100
R2(config-router)#neighbor 10.1.23.3 remote-as 300
R2(config)#router rip
R2(config-router)#no au
R2(config-router)#ver 2
R2(config-router)#netw 10.0.0.0

On R3

R3(config)#router bgp 300
R3(config-router)#no au
R3(config-router)#netw 3.0.0.0
R3(config-router)#netw 33.0.0.0
R3(config-router)#neighbor 10.1.34.4 remote-as 400
R3(config-router)#neighbor 10.1.23.2 remote-as 200
R3(config)#router rip
R3(config-router)#no au
R3(config-router)#ver 2
R3(config-router)#netw 10.0.0.0

On R4

R4(config)#router bgp 400
R4(config-router)#no syn
R4(config-router)#netw 4.0.0.0
R4(config-router)#neighbor 10.1.34.3 remote-as 300
R4(config-router)#neighbor 10.1.14.1 remote-as 100
R4(config)#router rip
R4(config-router)#no au
R4(config-router)#ver 2
R4(config-router)#netw 10.0.0.0

To verify the configuration:


























On R4

R4#Sh ip bgp

BGP table version is 8, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          10.1.14.1                              0 100 i
*                   10.1.34.3                                300 200 100 i
*> 2.0.0.0          10.1.14.1                              0 100 200 i
*                   10.1.34.3                                300 200 i
*  3.0.0.0          10.1.14.1                                100 200 300 i
*>                  10.1.34.3                                300 i
*> 4.0.0.0          0.0.0.0                             32768 i
*> 11.0.0.0         10.1.14.1                                100 i
*                   10.1.34.3                                300 200 100 i
*> 22.0.0.0         10.1.14.1                              0 100 200 i
*                   10.1.34.3                                300 200 i
*  33.0.0.0         10.1.14.1                                100 200 300 i
*>                  10.1.34.3                                300 i

Task 2

Configure R1 in AS 100 to use AS 200 to reach all the prefixes within this topology; you must use the Weight attribute to accomplish this task.

The BGP table of R1 should be examined before the weight attribute is manipulated:

R1#Sh ip bgp

BGP table version is 8, local router ID is 11.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.0.0.0          0.0.0.0                             32768 i
*> 2.0.0.0          10.1.12.2                                200 i

















*  3.0.0.0          10.1.14.4                                400 300 i
*>                  10.1.12.2                                200 300 i
*  4.0.0.0          10.1.12.2                                200 300 400
*>                  10.1.14.4                                400 i